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W  ’sless  challenges 

Wireless  networks  bring  flexibility,  but  IT  managers 
say  interference,  latency  and  security  issues  can  be 
challenging.  Page  12. 


’Net  has  big  problems 

Columnist  JohnaTill  Johnson  writes:  Lack  of 
v  access  capacity  isn't  even  the  worst  problem 
k  A  facing  the  Internet.  Page  18. 


IPv6  coming, 
ready  or  not 

IPv6  poses  economic, 
security  challenges 
for  companies, 
FutureNet  panelists 
say.  Page  14. 


Newcomer  hits 
Windows  virtualiza¬ 
tion  realm 

AppZero  promises 
to  help  users  move 
server  applications 
between  internal  and 
cloud  platforms. 

Page  16. 


Multi-gigabit  wire¬ 
less  spec  on  tap 

Microsoft,  chip  mak¬ 
ers  band  together  on 
wireless  front. 

Page  16. 
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INTEROP 


Interop  faces  an 
industry  in  economic 
turmoil  and  swine  flu 
concerns  that  may 
prevent  people  from 
traveling  to  the  show. 


INSIDE:  The  Network  World 
Las  Vegas  Interop  2009 
Planning  Guide.  Page  27 


GO  ONLINE:  Interop  soldiers 
on  in  the  face  of  a  bad 
economy,  swine  flu. 
www.nwdocfinder.com/9224 

Interop:  25  random  things 
about  Las  Vegas. 
www.nwdocfinder.com/9225 


Switch  vendors  riding 
10G  Ethernet  wave 


BY  JIM  DUFFY 

Announcements  from  four  vendors 
this  week  highlight  a  growing  trend  in 
data  center  networking:  the  rapid  uptake 
of  10  Gigabit  Ethernet  to  accommodate 
increasing  computational  and  storage 
density  brought  on  by  application 
growth,  increasing  use  of  blade  servers 
and  large-scale  virtualization. 

Brocade,  Extreme  Networks,  3Com  and 
Force  10  Networks  are  all  unveiling  new 
or  enhanced  products  designed  to 
accommodate  the  growing  use  of  10G 
Ethernet  in  data  centers.  The  products 
range  from  a  core  switch  to  end-of-row 
and  top-of-rack  devices,  and  modules 
that  support  very  high  density  10/100/ 
1000Mbps  Ethernet  aggregation. 

Users  are  deploying  10G  Ethernet  to 
aggregate  hundreds  of  Gigabit  Ethernet 
server  connections  and  even  linking  10G 


Ethernet  server  network-interface  cards 
into  the  data  center  switching  fabric.  In 
fact,  10G  Ethernet  is  peaking  right  now, 
vendors  say  just  before  40/100G  Ethernet 
products  and  standards  are  expected  to 
be  finalized  this  year. 

Brocade  unveiled  its  first  10G  Ethernet 
top-of-rack  switch  with  the  Turboiron  24X 
—  a  1RU  device  supporting  24  10G  Ether¬ 
net  SFP+  ports  and  line  rate,  non-block¬ 
ing  performance  of  488Gbps.The  Turbo- 
Iron  24X  also  features  1/10G  Ethernet 
dual-speed  ports  to  assist  users  in  migrat¬ 
ing  from  Gigabit  Ethernet  to  10G  Ether¬ 
net,  and  four  10/100/1000  copper  ports 
for  shorter  range  and  lower  speed  server 
connections. 

Brocade  says  the  Turboiron  24X  offers  a 
40%  to  65%  reduction  in  total  cost  of 
ownership  (TCO)  over  a  five-year  period 

See  Switches,  page  36 


World  IT  event  is 
coming  to  a  city  near 
youlThe  event  fea¬ 
tures  10  IT  tracks; 
vendor  expo;  peer 
case  studies. 
Register  at: 
www.nwdocfinder. 
com/8728 
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The  inefficiency,  complexity  and  rising  energy  costs  of  twentieth-century  datacenters 
simply  can’t  support  the  demands  of  twenty-first-century  business.  The  IBM  BladeCenter® 
HS22  with  Intel®  Xeon®  Processor  5500  Series  can  improve  the  economics  of  your 
datacenter  by  using  up  to  95%  less  space  and  90%  less  energy  than  competitive  rack 
servers  deployed  3  years  ago,  all  without  sacrificing  performance?  A  greener  world 
starts  with  greener  business.  Greener  business  starts  with  IBM. 


SYSTEMS.  SOFTWARE.  SERVICES.  FOR  A  GREENER  WORLD. 


Learn  how  to  improve  performance  and  costs  at  ibm.com/green/bladecenter 
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’For  complete  details,  go  to  www.ibm.com/green/disclaimer.  IBM,  the  IBM  logo,  ibm.com  and  BladeCenter  are  trademarks  of  International 
many  jurisdictions  worldwide.  A  current  list  of  IBM  trademarks  is  available  on  the  Web  at  “Copyright  and  trademark  information"  at  wwvy|^|2 
Logo.  Xeon  and  Xeon  Inside  are  trademarks  or  registered  trademarks  of  Intel  Corporation  in  the  United  States  and  other  countries 
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!5s  Machines  Corporation,  registered  in 
om/legal/copytrade.shtmt.  Intel,  the  Intel 
9  IBM  Corporation.  All  rights  reserved. 
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NETWORK  INFRASTRUCTURE 

12  Juniper  bolsters  branch  router, 
switch  line. 

12  Wireless  networks  must  overcome 
challenges. 

14  FutureNet  2009:  IPv6  is  coming. 

16  Multi-gigabit  spec  speeds  along. 

16  AppZero  debuts  server  app  tool. 

18  Opinion  Scott  BradnenThe  good 
cyberattack. 

38  Opinion  BackSpin:  Cy  berbu  I  lying? 
No,  it’s  just  bullying. 

APPLICATION  SERVICES 

38  Opinion  ‘Net  Buzz:  Meet  Francis, 
a  failed  phisher. 


COOLTOOLS 


■  The  Voyager  PRO  Bluetooth  headset, 
by  Plantronic,  is  a  noise-canceling 
headset  with  a  comfortable  fit. 

See  Cool  Tools,  page  24. 


Where’s 
ail  the 

Global  e-mail  spam  volumes  have 
dropped  20%  for  the  first  quarter  com¬ 
pared  with  the  same  period  last  year, 
according  to  McAfee’s  latest  research. 
McAfee  attributes  the  dramatic  reduc¬ 
tion  to  the  November  shutdown  of  the 
notorious  McColo  spam-generating 
site.  In  the  McAfeeThreat  Report  for 
the  First  Quarter  2009,  the  security  firm 
said  spam  levels  are  still  30%  below 
their  peak  seen  in  the  third  quarter  of 
last  year  right  before  the  shutdown  of 
the  rogue  ISP  McColo. 


SERVICE  PROVIDERS 

18  Opinion  Johna  Till  JohnsonrThe 

Internet  sky  is  really  falling. 

TECH  UPDATE 

22  Migrating  to  all-IP  video  surveillance. 

24  Mark  Gibbs:  Debugging  the 
Interwebs. 

24  Keith  Shaw:  Voyager  headset  goes  pro. 
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Alcatel-Lucent  rings  up  big  loss 

Alcatel-Lucent  reported  a  nearly  7% 
drop  in  first-quarter  revenue  compared 
with  last  year,  while  losses  more  than 
doubled.  Revenue  fell  to  $4.82  billion  for 
the  first  quarter,  from  $5.2  billion  a  year 
earlier,  while  the  net  loss  rose  to  $536 
million.  Not  surprisingly,  CFO  Paul 
Tufano  said:  “We  are  disappointed  at 
having  a  loss.”  Very  surprising:  CEO 
Ben  Verwaayen  said  during  the  same 
Webcast  presentation  to  analysts:  “I 
think  we  have  a  very  good  shot  at  being 
profitable  in  2010.”  One  reason  for  opti¬ 
mism:  Rising  sales  of  IP  products, 
including  MPLS  routers. 

Alleged  Cisco  IOS  hacker  indicted 

A  Swedish  man  has  been  indicted  in 
connection  with  the  alleged  2004  theft  of 
source  code  for  Cisco's  IOS  software. 
Philip  Gabriel  Pettersson,  21,  was 
indicted  on  one  count  of  intrusion  and 
two  counts  of  misappropriation  of  trade 
secrets.  He  was  also  indicted  on  two 
counts  of  intrusion  involving  NASA. The 
U.S.  Department  of  Justice's  Criminal 
Division  and  Joseph  Russoniello,  attor¬ 
ney  for  the  Northern  District  of 
California,  announced  the  indictment 
after  an  investigation  by  the  FBI  and 
other  agencies.  In  May  2004,  parts  of  the 
IOS  source  code  were  briefly  posted  to 
a  Russian  Web  site.  Some  observers 
said  then  that  the  theft  might  threaten 

the  Internet 
by  giving 
malicious 
hackers  a 
glimpse  into 
Cisco’s  pro¬ 
prietary 
software. 
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CA  Security  Management  software  streamlines  your  IT  security 
environment  so  your  business  can  be  more  secure,  agile  and 
compliant  without  upsizing  your  infrastructure.  All  with  faster 
time  to  value.  Greater  efficiency  starts  with  more  efficient  IT. 

That’s  the  power  of  lean. 


Learn  more  at  ca.com/security/value 


Copyright  &  2009  CA.  All  rights  reserved. 


PEERSAY 


Long  live  the  mouse 

Re:  Death  of  the  Mouse  (www.nwdocfinder. 
com/9232): 

I  don’t  know  if  my  reaction  to  John 
Brandon's  article  is  typical,  but  I  do  not  and 
will  not  talk  to  a  computer  in  order  to  elicit 
a  response.  When  1  do  talk  to  a  computer  I 
prefer  that  it  die  a 
painful  death  in  a 
ball  of  flames.  But 
seriously,  a  computer 
is  a  machine  to  be 
manipulated,  and  1 
will  not  treat  it  as  a 
peer  by  interfacing 
with  it  in  a  way  that 
only  humans  can 
interface. 

Similarly,  voice  response  phone  systems  are 
the  bane  of  a  civilized  society  I  will  load  a 
phone  call  with  multiple  button  presses  and 
silence  until  a  human  responds  on  the  other 
end,  and  then  I  make  sure  to  remind  them 
that  their  use  of  voice  response  technology  is 
rude  and  insulting.  1  suppose  the  day  is  com¬ 
ing  when  voice  response  technology  will 
make  it  difficult  to  to  discern  whether  the 
voice  at  the  other  end  is  a  human  or  a 
machine,  but  a  quick  quip  or  a  joke  will 
answer  that  question. 

Bill  Kreps 

We  had  a  touchscreen  for  any  HR  docu¬ 
ments  at  a  kiosk.  We  used  it  also  for  punching 
in  and  out.  The  very  definition  of  nine  steps 
back,  because  you  are  using  one  finger  vs.  10 
fingers  to  type  on  a  key  board. Then  comes 
the  drag  and  drop  temper-testing  process. 
Then  comes  the  strength-of-touch  learning 
curve,  which  starts  every  time  you  come  to 
work.  Then  comes  the  “down  time”  or  “site- 
not-found”  after  you  click,  and  connectivity 
issues.  It  wasn’t  long  before  a  good  old 
mouse,  keyboard,  and  big  fat  cathode  glass 
screen  replaced  this  thin  plastic  touchscreen 
for  service.  I  can  assure  you  that  there  are 
700-plus  people  at  my  workplace  that  have 
an  extremely  strong  opinion  against  touch¬ 
screen  technology  for  life. 

Anon 


Don’t  knock  teleworking 

Re:  Revving  up  telework,  Obama  style  (www. 
nwdocfinder.com/9233) 

Teleworking  is  great  for  those  who  take  it 
serious.You  just  have  to  manage  by  measuring 
productivity  and  completing  set  agendas.  It’s 
not  difficult  to  manage  someone  without  see¬ 
ing  them.  If  they  don’t 
meet  their  require¬ 
ments,  the  privilege  is 
taken  away  If  the  gov¬ 
ernment  can  make  it 
work,  then  the  compa¬ 
nies  will  follow  and 
more  people  can 
balance  their  work/ 
home  lifestyles  and 
reduce  footprinting. 
I’ve  been  successfully  doing  it  for  10  years! 

Anon 

Some  information  isn’t  worth 
securing 

Re:  IA  career  development:  Need  for  IA  pro¬ 
fessionals  will  grow  (www.nwdocfinder.com 
/9234): 

Back  in  the  mainframe  days  there  were  key¬ 
punch  operators  and  procedures  to  ensure  the 
integrity  of  the  data  they  entered. They  fired  all 
the  operators  and  got  rid  of  the  procedures  to 
ensure  data  integrity  and  management  said 
secretaries  could  enter  the  data  along  with 
their  normal  duties.Then  they  got  rid  of  all  the 
clerical  help  and  said  people  could  enter  their 
own  data  along  with  doing  whatever  their  real 
job  was.  Now  we  have  people  entering  data  on 
the  Web  and  no  one  looks  at  it  before  it  gets 
stored.  Why  spend  a  lot  of  money  keeping  it 
secure  if  it  is  probably  mostly  junk  anyway?  All 
that  said  if  you  do  go  nuts  on  security  and 
properly  lock  down  the  data  center  rest 
assured  someone  is  going  to  load  the  data 
onto  their  laptop  and  lose  it  anyway 

dwstclair 

E-mail  letters  to  jdix@nww.com  or  send  them 
to  John  Dix,  editor  in  chief,  Network  World,  492 
Old  Connecticut  Path,  Framingham,  MA  01 701- 
9002.  Please  include  phone  number  and  address 
for  verification. 


**  A  computer  is  a  machine 
to  be  manipulated,  and  I  will 
not  treat  it  as  a  peer  by  inter¬ 
facing  with  it  in  a  way  that 
only  humans  can  interface.55 


One-day  IT  event  coming  to  a  city 
near  you! 

10-ITTracks;  Vendor  Expo;  Peer 
case-studies 


Feature  sessions  include:  Security;  WAN  services;  Network  management; 
Virtualization;  Data  centers;  SaaS;  Green  IT;  UC;  VoIP;  Mobility;  Application  delivery 

10  cities  in  2009 

ITR  visits  Boston,  Atlanta  and  Philadelphia  in  2009 
Register  and  qualify  to  attend  free 

www.nwdocfinder.com/9433 
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There's  no  good  way  to  find  out  someone  has  stolen 
your  data.  CDW  can  help  make  sure  you  never  have  to. 


Check  Point’ 


Check  Point®  Endpoint  Security™ 

•  Single  agent  for  total  endpoint  security  combining 
firewall,  network  access  control,  program 
control,  antivirus,  antispyware,  data  security 

and  remote  access 

•  Protects  PCs  and  eliminates  the  need  to  deploy 
and  manage  multiple  agents,  reducing  total  cost 
of  ownership 


Trend  Micro™  NeatSuite™  Advanced 

•  Delivers  multilayered,  multithreat  protection  in  a  single 
gateway-to-endpoint  suite 

•  Protects  against  the  growing  threat  of  Web-borne  attacks 

•  Provides  maximum  IT  efficiency  with  automatic  updates, 
centralized  management  console  and  reporting 

•  Offers  high  scalability  and  extensive  configuration  options 

51-250  user  license1  $59.99  CDW  1258918 


Cisco®  ASA  5505  Adaptive 
Security  Appliance 

•  Secures  your  network  against  attacks  such  as 
worms,  viruses,  spyware,  keyloggers,  Trojan  horses, 
rootkits  and  hackers 

•  Combines  feature-rich  VPN  connectivity  with 
comprehensive  threat  defense  to  deliver  cost- 
effective  remote  network  access 

•  Protects  users  accessing  the  network  from  a 
personal  or  public  PC  with  Cisco®  Secure  Desktop 


Call  CDW  for  pricing 

CDW  1420902 
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Gold 
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CDW  1065037 


We're  there  with  the  security  solutions  you  need. 

With  data  and  identity  theft  on  the  rise,  now  might  be  the  best  time  to  start  beefing  up  your  security. 
Lucky  for  you,  CDW  has  people  ready  to  help.  Our  personal  account  managers  work  along  with  highly 
trained  technology  specialists  to  find  the  perfect  data  security  solutions  for  you.  And  with  our  custom 
configuration  services,  everything  will  be  ready  to  go  when  it  arrives.  Call  CDW  today  and  we'll  introduce 
you  to  some  of  the  best  security  guards  in  the  business. 

CDW.com 


800.399.4CDW 
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'Licensing  requires  a  minimum  purchase  of  five  licenses;  includes  one-year  Maintenance  (12x5  telephone  and  online  technical  support,  virus  pattern  updates  and 
product  version  upgrades).  Offer  subject  to  CDW's  standard  terms  and  conditions  of  sale,  available  at  CDW.com.  ©2009  CDW  Corporation 
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■  Follow  these  links  to  more  resources  online 


INTERVIEWS,  THE  COOLEST  TOOLS  AND  MORE 
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Imagine  Gup:  Solving 
world  problems 
through  software 

Microsoft's  Imagine 
Cup,  now  in  its  seventh 
year,  lets  high  school 
and  university  students 
worldwide  develop  soft¬ 
ware  in  hopes  of  solving 
global  problems.The 
U.S.  finals  were  held 
recently  in  Boston. 

www.nwdocfinder.com/9226 


Robot  Fight  Club 

At  the  Kondo  Battle 
robots  from  across 
Japan  came  to  fight. 
The  battling  robots 
were  all  made  by  indi¬ 
viduals  or  small  teams 
of  hobbyists  and  each 
came  with  its  own  spe¬ 
cial  fighting  technique 
that  was  the  inspiration 
of  its  creator. 

www.nwdocfinder.com/9227 
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Inside  the  Enigma: 
Not  a  Riddle 

Neal  Weinberg  gets  a 
special  sneak  peek 
inside  the  Enigma 
device,  which  was  used 
by  the  Allies  in  World 
War  II  to  help  crack 
German  codes. 

www.nwdocfinder.com/9228 
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Mixing  Bluetooth  with  Wi-Fi? 


BLOGOSPHERE 


■  Use  the  Cisco  restroom  at  your  own 
risk.  A  report  on  the  Cisco  Subnet  says  that 
things  may  look  a  little  grubbier  around 
Cisco's  San  Jose  headquarters.  That’s 
because  100  janitors  and  supporters  were 
camped  out  in  front  of  the  complex  this  week 
to  protest  the  firing  of  75  of  their  comrades. 
The  janitors  cannot  pay  their  rent  for  the 
month  of  May,  according  to  a  press  release 
from  their  union,  and  are  instead  camping  in 
front  of  Cisco  until  the  company  orders  its 
contractor,  American  Building  Management, 
to  reinstate  them.  Cisco's  response  was 
published  by  the  Silicon  Valley/San  Jose 
Business  Journal:  “Cisco  respects  and  sup¬ 
ports  the  rights  of  our  vendors’  employees  to 
fair  treatment  and  their  right  to  voice  their 
concerns.  Cisco  does  not  direct  the  employ¬ 
ment  practices  of  the  thousands  of  vendors, 
partners  and  contractors  with  whom  it 
works,  including  the  janitorial  services  com¬ 
pany."  www.nwdocfinder.com/9229 

■  Cisco  cool  to  Obama's  tax,  loophole 
plan.  Cisco  Subnet  says  Cisco  was  not 
exactly  embracing  President  Obama's  plan 
to  tax  offshore  profit.  Under  the  plan, 
Obama  wants  to  impose  a  U.S.  tax  on  prof¬ 
its  U.S. -based  companies  make  from  over¬ 
seas  operations,  and  close  a  loophole  that 
allows  them  to  hide  foreign  subsidiaries. 
Cisco  and  other  high-tech  bellwethers  real¬ 
ized  a  benefit  of  more  than  $1  billion  from 
lower  foreign  tax  rates  in  their  most  recent 
fiscal  years,  according  to  an  AP  story.  That 
could  be  lost  if  Obama's  proposal  becomes 
law.  "If  rules  are  changed  on  tax  deferral 
and  we  are  taxed  in  the  U.S.  on  non-U. S. 
profit,  this  significant  additional  U.S.  tax 
cost  would  adversely  impact  our  ability  to 
invest  and  grow  our  business  in  the  U.S.," 
Cisco  spokesman  John  Earnhardt  said. 
www.nwdocfinder.com/9230 

■  Social  networking  worries  CIOs. 

Microsoft  Subnet  editor  Julie  Bort  was  at  the 
Colorado  IT  Symposium  in  Denver  last  week 
.Social  networking  in  all  of  its  forms  was  a 
giant  topic  of  casual  discussion. Twitter,  Face- 
book,  Yammer,  YouTube  are  strange  problems 
for  IT  professionals.  On  the  one  hand,  every¬ 
one  uses  them.  On  the  other  hand,  they  cre¬ 
ate  odd  governance  situations  for  companies. 
A  CIO  from  a  company  that  manufacturers 
alcoholic  beverages  explained  the  particular 
dilemma.  Marketing  folks  need  to  useTwitter, 
YouTube  and  the  like  because  the  company's 
ideal  customer  demographic  are  heavy  users 
of  this  technology.  On  the  other  hand,  the 
company  must  meet  legal/regulatory  require¬ 
ments  not  to  be  marketing  to  underage  kids. 
www.nwdocfinder.com/9231 


Wireless:  When  the  latest  version  of 
Bluetooth  was  announced  last  week,  two 
questions  popped  to  mind.  First,  what  does 
Bluetooth  3.0  —  which  combines  the 
Bluetooth  wireless  communications  protocol 
with  802.1  lgWi-Fi  transport  capabilities  — 
offer  that  plain  old  Wi-Fi  doesn’t?  Second,  how 
are  3.0  connections  secured,  given  that  Wi-Fi 
running  in  ad  hoc  (peer-to-peer)  mode  hasn’t 
historically  received  many  kudos  for  privacy? 

It  turns  out  that  the  two  questions  and  their 
answers  are  somewhat  related.  Let’s  look  at  the 
first  question:Why  combine  the  two  technolo¬ 
gies,  rather  than  just  using  the  one  with  the 
faster  transport  (Wi-Fi)  to  begin  with?  One  rea¬ 
son  is  that  about  40  peer-to-peer  applications 
have  already  been  built  into  many  Bluetooth 
certified  products.The  Bluetooth  Special 
Interest  Group  charter  includes  standardizing 
applications, such  as  file  transfer,  audio  distrib¬ 
ution,  printing, synchronization,  and  so  forth, 
while  the  IEEE  802. 1 1  task  groups  and  the  Wi¬ 
Fi  Alliance  charters  do  not.  Bottom  line,  there 
are  some  existing,  useful  Bluetooth  applica¬ 
tions  already  kicking  around  that  could  bene 
fit  from  a  heftier  transmission  speed. 
www.nwdocfinder.com/9921 


Tech  exec:  When  I  started  my  IT  career 
three  decades  ago,  there  was  a  popular 
saying: “Nobody  ever  got  fired  for  buying 
IBM.”  It  meant  that  IBM  products  and  solu¬ 
tions  were  a  safe  choice  because  of  the 
company’s  size,  reputation,  financial  stabili¬ 
ty,  and  service  and  support.  Oh,  and  the 
products  were  usually  more  than  adequate 
in  meeting  most  business  computing 
needs.  Back  then  I  worked  for  the  project 
control  department  of  an  international 
engineering  firm.  My  department  went 
against  the  conventional  wisdom  when  we 
decided  to  buy  a  minicomputer  from  a 
rather  small  (at  the  time)  company  called 
Hewlett-Packard.  The  IT  director  thought 
we  were  crazy  for  eschewing  the  IBM 
label,  and  he  washed  his  hands  of  our  pur¬ 
chase  decision  (which  turned  out  to  be  a 
good  one).  When  it  comes  to  networking 
in  today’s  environment,  the  saying  might 
just  be, “Nobody  ever  gets  fired  for  buying 
Cisco.”  Indeed,  in  the  United  States,  Cisco 
has  a  72  percent  share  of  the  market. 

That’s  a  lot  of  people  that  have  made  “the 
safe  choice”  for  their  networking  gear. 
www.nwdocfinder.com/9922 
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CA  Spectrum  solutions  help  you  pinpoint  and  solve  information  flow, 
problems  across  the  IT  infrastructure  —  networks,  physical  and  virtual 
systems,  databases  and  applications  —  before  they  impact  your  end  users. 
Eliminate  costly,  labor-intensive  oversight  and  deliver  seamless  service 
with  payback  in  under  a  year.  That's  the  power  of  lean. 


Read  the  IDC  white  paper  on  CA  software  and  ROI  at  ca.com/spectrum/value 
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Citrix  embraces  Apple 
with  iPhone  virtualization 

Citrix  is  bringing  virtual  desktops  and  applications  to  the  iPhone  and  has 
revamped  its  server  virtualization  platform.  A  lightweight  software  client 
called  Citrix  Receiver  lets  IT  deliver  desktops  and  applications  to  any  device, 
whether  it  be  a  desktop,  laptop  or  smartphone.  Available  as  a  free  add-on  to  the 
Citrix  XenApp  application  delivery  platform,  Receiver  acts  like  the  satellite  or 
cable  TV  receiver  used  in  broadcast  media  services,  the  company  says.  Citrix  also 
announced  Dazzle,  another  XenApp  add-on  that  mimics  the  iTunes  application 
store  by  letting  corporate  users  choose  and  install  business  applications  on- 
demand.  At  its  annual  Synergy  show  in  Las  Vegas,  Citrix  also  released  Version  5.5 
of  the  XenServer  hypervisor  and  Essentials,  a  software  platform  that  manages  both 
XenServer  and  Microsoft’s  Hyper-VThe  upgrades,  including  native  support  for  inte¬ 
gration  with  Windows  Active  Directory,  bring  Citrix  closer  to  VMware  in  function¬ 
ality  says  Burton  Group  analyst  ChrisWolf.www.nwdocfinder.com/9237 


Researchers  release  VBootkit  2.0  code. 

Indian  security  researchers  have  released 
proof-of-concept  code  that  can  be  used  to 
take  over  a  computer  running  Microsoft’s 
upcoming  Windows  7  operating  system, 
despite  earlier  promising  not  to  make  the 
code  public  for  fear  it  could  be  misused. 
VBootkit  2.0  was  developed  by  researchers 
Vipin  Kumar  and  Nitin  Kumar  and  is  available 
for  download  under  an  open  source  license. 
They  unveiled  the  proof-of-concept  code  at 
the  Hack  In  The  Box  security  conference  in 
Dubai,  where  they  showed  how  it  could  be 
used  to  give  an  attacker  complete  control 
over  a  Windows  7  computer,  including  the 
ability  to  remove  and  restore  user  passwords. 
Microsoft  said  it  doesn’t  consider  VBootkit  2.0 
a  serious  threat.“Any  claims  made  at  the  event 
relating  to  Windows  7  having  a  security  vul¬ 
nerability  are  not  true,”  the  company  said. 
www.nwdocflnder.com/9238 

GE  to  spend  $6  billion  on  health  tech 
initiative.  General  Electric  plans  to  spend  $6 
billion  over  the  next  six  years  in  an  effort  to 
improve  healthcare  quality  and  drive  down 
costs  to  consumers.The  company  will  spend 
$3  billion  on  R&D,with  major  focuses  on 
accelerating  health  IT  and  reducing  the  cost 
of  high-tech  health  devices,  GE  Chairman  and 
CEO  Jeff  Immelt  said.  Improving  electronic 
medical  records  will  be  one  of  the  large  pro¬ 
jects,  he  said.  In  addition,  GE  will  commit  $2 
billion  and  $1  billion  worth  of  GE  technology 
to  deliver  health  IT  to  rural  and  other  under¬ 
served  areas. “Healthcare  needs  new  solu¬ 
tions,”  Immelt  said. “We  must  innovate  with 
smarter  processes  and  technologies  that  help 
doctors  and  hospitals  deliver  better  health¬ 
care  to  more  people  at  a  lower  cost.” 
www.nwdocfinder.com/9239 

Security  breach  cost  Heartland  $12.6 
million  so  far.  The  security  breach  Heart¬ 


land  Payment  Systems  disclosed  in  January 
has  cost  the  company  about  $12.6  million, 
including  legal  costs  and  fines  from  Master- 
Card  and  Visa.  Those  costs  directly  con¬ 
tributed  to  a  $2.5  million  loss  for  the  quarter, 
Heartland  said  in  its  quarterly  earnings  call. 
The  company  also  detailed  plans  to  protect 
its  credit-  and  debit-card  processing  network 
with  an  end-to-end  encryption  system  that  it 
will  begin  rolling  out  with  its  merchants  in  the 
third  quarter.  The  system  will  be  based  on 
hardware  and  software  that  Heartland  is 
developing  with  help  from  soon-to-be- 
announced  technology  partners.  Heartland  “is 
basically  leading  the  way  for  the  rest  of  the 
industry/ says  Gartner  analyst  Avivah  Litan, 
noting  that  its  plan  for  end-to-end  encryption 
will  be  the  first  effort  of  its  kind  in  the  United 
States,  www.nwdocfinder.com/9240 

Oracle  will  stay  in  the  hardware  busi¬ 
ness,  Ellison  says.  Oracle  plans  to  stay  in 
the  hardware  business  following  its  planned 
$7.4  billion  acquisition  of  Sun,  CEO  Larry 
Ellison  said,  according  to  a  transcript  of  an 
interview  with 
Reuters  that  was 
filed  with  the  SEC. 

Oracle  was  primari¬ 
ly  interested  in  Sun’s 
Solaris  operating 
system  and  its  Java 
software,  which 
Oracle  relies  on  for 
many  of  its  applica¬ 
tions.  But  Sun  also 
has  a  significant 
hardware  business,  which  includes  servers 
and  its  family  of  Sparc  microprocessors,  and 
Ellison  plans  to  keep  them  around  as  a  key 
component  of  Oracle’s  business. “While  most 
hardware  businesses  are  low-margin,  compa¬ 
nies  like  Apple  and  Cisco  enjoy  very  high- 
margins  because  they  do  a  good  job  of 


designing  their  hardware  and  software  to 
work  together,”  Ellison  said. 

www.nwdocfinder.com/9244 

U.S.  air  traffic  control  vulnerable  to 
cyberattack.  U.S.  air  traffic  control  systems 
are  at  high  risk  of  attack  because  of  their 
links  to  insecure  Web  applications  run  by 
aviation  authorities  around  the  country 
according  to  a  Department  of  Transpor¬ 
tation  audit.  Penetration  testers  found  763 
high-risk  vulnerabilities  in  70  Web  applica¬ 
tions  used  for  internal  air  traffic  control  sys¬ 
tems  within  the  Federal  Aviation  Admini¬ 
stration.  A  high-risk  vulnerability  is  classified 
as  one  where  an  attacker  could  take  control 
over  a  computer,  modifying  systems  or  steal¬ 
ing  data. Testers  also  found  504  medium-risk 
and  2,590  low-risk  vulnerabilities, such  as 
the  use  of  weak  passwords.“In  our  opinion, 
unless  effective  action  is  taken  quickly,  it  is 
likely  to  be  a  matter  of  when,  not  if,  ATC  sys¬ 
tems  encounter  attacks  that  do  serious  harm 
to  ATC  operations,”  the  report  concluded. 
www.nwdocfinder.com/9241 

Cisco  Q3  revenue,  earnings  fall.  Cisco’s 
revenue  for  its  third  fiscal  quarter  fell  to  $8.2 
billion,  down  17%  from  a  year  earlier.  Net 
income  plunged  21%  to  $1.3  billion,  or  $0.23 
per  share,  in  the  quarter  ended  April  25. 
Analysts  polled  by  Thomson  Reuters  had 
expected  earnings  of  $0.25  per  share  on  rev¬ 
enue  of  $8.07  billion.  In  its  fiscal  fourth  quar¬ 
ter,  Cisco  expects  revenue  to  again  fall  be¬ 
tween  17%  and  20%  from  a  year  earlier,  execu¬ 
tives  said  on  a  conference  call  to  discuss  the 
results.  But  CEO  John  Chambers  had  some 
encouraging  news  on  the  global  economy 
Customers  around  the  world  have  recently 
told  Cisco  they  are  seeing  a  “leveling  off,” 
though  at  a  disappointing  rate  of  year-over¬ 
year  growth,  after  a  long  period  of  continuing 
deceleration,  he  said. 
www.nwdocfinder.com/9242 

CA  tries  to  groom  next  generation  of 
mainframers.  CA  has  been  working  to  lure 
a  new  generation  of  talent  to  the  mainframe 
platform  as  part  of  an  initiative  aimed  at  eas¬ 
ing  the  process  of  managing  and  installing  its 
mainframe  software.The  vendor  last  week 
announced  that  143  of  its  166  mainframe  pro¬ 
ducts  have  been  upgraded  in  accordance 
with  the  “Mainframe  2.0”  strategy  which  was 
announced  last  year.  CA  also  announced 
Mainframe  Software  Manager,  an  application 
for  managing  and  implementing  CA  products 
on  IBM’s  z/OS  platform  that  features  a  graphi¬ 
cal  user  interface  built  with  Google’s  Web 
Toolkit.  By  automating  or  streamlining  many 
routine  tasks,  experienced  mainframe  system 
administrators  will  be  able  to  focus  on  more 
important  matters  and  even  hand  off  some 
duties  to  less-seasoned  IT  staff,  according  to 
CA.  www.nwdocfinder.com/9243 
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Your  IT  challenges 
come  in  all  sizes. 

So  do  our  solutions. 


IT  problems  happen,  but  disruption  doesn’t  have  to  be  a  part  of  the  process. 
From  power  outages  to  downed  email,  SunGard  is  there  to  keep  it  all  flowing. 
What  makes  10,000  customers  trust  and  depend  on  SunGard?  A  30-year 
history  of  doing  it  right. 

With  the  widest  range  of  Information  Availability  services  in  the  industry, 
SunGard  offers  the  solutions  to  cover  it  all— no  matter  what  the  availability 
requirement,  from  production  to  recovery.  SunGard’s  infrastructure  has 
redundancies  at  every  level— we’ve  invested  so  you  don’t  have  to.  At  SunGard, 
we  know  you  need  higher  levels  of  availability,  and  we  deliver.  So  leave  your 
worries  to  us. 


To  learn  more  about  how  to  keep  your  people  and  information  connected, 
visitwww.availability.sungard.com/sgl  or  call  1-866-673-6616. 


-  Advanced RecoverySM  with  a  100%  recovery  record 
and  a  breadth  of  services  offered 

-  AdvancedHosting  with  over  2.000  customers 
and  34  production  facilities  with  a  range  of  managed 
IT  services 

"  Consulting  with  more  than  100,000  action 
plans  delivered 

-  Continuity  Management  Software  the  most 
widely  used  to  keep  businesses  up  and  running 

SUNGARD 

Availability  Services 
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Wireless  networks  must 
overcome  challenges 


Juniper 
bolsters 
branch  router, 
switch  lines 

BY  JIM  DUFFY 

Juniper  Networks  last  week  extended  its 
branch  office  line  with  routers  and  switches 
designed  to  let  remote  workers  securely 
access  enterprise  resources  at  lower  cost. 

The  new  offerings  include  downscaled  ver¬ 
sions  of  Juniper’s  SRX  Services  Gateway 
Routers  starting  at  a  list  price  of  about  $700. 
The  high-end  SRX  5000  can  cost  as  much  as  $1 
million,  Juniper  says. 

The  new  switches  are  entry-level  gigabit  ver¬ 
sions  of  Juniper’s  EX  line  that  list  at  about  $100 
per  port.  Juniper  entered  the  LAN  switching 
market  a  year  ago  with  large  enterprise  ver¬ 
sions  of  the  EX  line. 

Together,  the  gateways  and  switches,  which 
all  run  Juniper’s  JUNOS  operating  system,  are 
intended  to  provide  distributed  branch  offices 
of  large  enterprises  with  the  consistency  of  a 
single  “carrier-class”  operating  system  and  inte¬ 
grated  security  at  a  lower  TCO  than  competi¬ 
tive  and  legacy  systems.  Juniper  claims  its  “dis¬ 
tributed  enterprise”  gear  can  provide  a  41% 
reduction  in  overall  network  operations  costs, 
citing  commissioned  data  from  a  Forrester 
Research  study 

On  the  services  gateway  front,  Juniper 
unveiled  four  SRX  platforms:  the  SRX  100,210, 
240  and  650.  All  feature  integrated  content 
security,  with  unified  threat  management  and 
intrusion-prevention  services  (IPS)  embedded 
in  the  JUNOS  software. 

The  SRX  100  is  a  fixed  configuration  plat¬ 
form  with  a  forwarding  performance  of 
600Mbps  and  IPS  of  50  Mbps.The  SRX  210  fea¬ 
tures  an  expansion  slot  for  a  variety  of  LAN, 
WAN  and  wireless  interfaces,  or  an  optional 
Session  Initiation  Protocol  (SIP)  gateway  It 
also  features  optional  hardware  acceleration 
for  content  security  and  has  a  forwarding/IPS 
rate  of  750M/80Mbps. 

The  SRX  240  features  four  expansion  slots, 
optional  SIP  gateway  and  content  security 
acceleration  support,  and  forwarding/IPS  per¬ 
formance  of  l,500M/250Mbps.  The  SRX  650 
sports  eight  expansion  slots,  optional  SIP  gate¬ 
way  standard  content  security  acceleration, 
and  forwarding/IPS  performance  of 
7,000M/900Mbps. 

The  SIP  gateway  features  integrated  FX0  and 
FXS  analog  ports  and  is  intended  to  work  with 
call  managers  and  handsets  from  a  variety  of 
VoIP  vendors,  including  Juniper  partner  Avaya 
and  rival  Cisco.  Juniper  has  not  yet  certified 

See  Juniper,  page  14 


BY  ELLEN  MESSMER 

Wireless  networks  bring  flexibility  but  IT 
managers  say  interference,  latency  and  securi¬ 
ty  issues  can  be  challenging. 

Oklahoma  City,  for  example,  for  a  year  has 
operated  a  620  square-mile  802.1  lg  wireless 
network  for  mobile  computer  access  for  the 
city  police  and  fire  departments.  As  convenient 
as  thisTropos  Networks-based  meshed  802.1  lg 

is,  interference  problems  are  significant 
enough  that  mobile  public-safety 
units  have  also  been  given  Sprint 
mobile  cards  as  a  connectivity 
backup. 

And  latency  issues  associated 
with  all  the  802.1 1-based  wireless 
networks  used  by  the  city  are  com¬ 
plicating  Oklahoma  City’s  security 
plans  to  transition  thousands  of 
employees  from  re-usable  pass¬ 
words  to  stronger  token-based,  two- 
factor  authentication.  Why?  Wire¬ 
less  latency  issues,  says  Steve 
Eaton,  Oklahoma  City’s  informa¬ 
tion  security  architect. 

Wireless  networks  “have  issues 
with  firewalls  and  timing  con¬ 
cerns,”  Eaton  says,  noting  that  laten¬ 
cy  —  the  time  it  takes  a  packet  to 
reach  from  one  designated  point 
to  another  —  is  slower  than  in 
wire-only  networks. 

So  when  installing  the  Quest 
Defender  two-factor  authentica¬ 
tion  gateway  the  city  selected,  tech¬ 
nical  adjustments  that  had  to  be  made  to 
accommodate  the  latency  lag  time  of  wireless 
networks. 

Others  benefiting  from  the  advantages  of 
wireless  say  they  are  also  cognizant  of  its  chal¬ 
lenges. 

Since  late  last  year,  Liberty  University  in 
Lynchburg,  Va.,  has  deployed  hundreds  of 
Aruba  802.1  In  wireless  access  points  on  cam¬ 
pus,  and  also  uses  the  Aruba  Endpoint  Com¬ 
pliance  System  (ECS)  for  network-access  con¬ 
trol  for  students. 

“The  vast  majority  of  our  students  are  now  on 

it, ”  says  Bruce  Osborne,  a  network  engineer  at 
the  university. 

Each  student  needs  an  ECS  software  agent, 
says  Jimmy  Graham,  Liberty’s  manager  of  net¬ 
work  services,  and  if  any  of  the  roughly  10,000 
students  lack  the  requisite  antivirus  or  security 
patches,  they’re  isolated  from  wireless  access 
until  their  computers  obtain  required  security 
updates,  which  can  be  done  online. 

The  tougher  challenge  has  been  getting  VoIP 
phones  —  in  this  case  Cisco’s  —  to  work  opti¬ 
mally  on  the  wireless  network.  There  are  chal¬ 


lenges  related  to  latency  and  VoIP’s  high-band¬ 
width  needs,  Osborne  said. 

“We  need  quality-of-service  to  manage  this,” 
Osborne  says.  VoIP  traffic  over  wireless  will 
need  to  be  given  priority  over  other  traffic,  and 
until  that  is  all  sorted  out,  the  majority  of 
phones  will  remain  wireline-based  on  the 
campus. 

Sisters  of  Mercy  Health  System,  a  Hatboro, 
Pa.,  healthcare  provider,  is  benefiting  from  IP- 
based  phones  over  wireless  in  its 
installation  of  the  Ascom  IP  DECT 
System  wireless  base  stations  and 
phones  at  a  number  of  its  hospital 
sites. 

“We  were  looking  for  a  wireless 
system  and  failover,”  says  Felix 
Merlino,  manager  of  telecommuni¬ 
cations  for  the  healthcare  organi¬ 
zation,  noting  integrator  InfoLogix 
designed  and  installed  it. 

Hospital  staff  has  welcomed  IP 
phones  over  wireless  as  a  good 
alternative  to  a  paging  system  to 
contact  needed  medical  person¬ 
nel.  While  the  wireless  equipment 
doesn’t  interfere  with  any  other 
hospital  equipment,  there  can  be 
issues  with  blocked  reception  that 
have  to  be  addressed  by  adjusting 
base  stations. 

The  firmware  for  the  IP  DECT 
equipment  has  to  be  patched 
from  time  to  time,  notes  Cory  Lind- 
ley  the  healthcare  provider’s  senior 
telecommunications  analyst,  adding,  “As  we 
move  further  into  the  VoIP  realm,  I  can  see  that 
will  be  a  regular  occurrence.” 

Patching  requires  systems  to  be  shut  down 
and  rebooted  so  it’s  important  to  have  a  sec¬ 
ond  gateway  as  backup,  he  points  out. 

Just  considering  use  of  wireless  access 
points  in  network  design  raises  considerations 
in  terms  of  the  Payment  Card  Industry  (PCI) 
security  rules, says  Bernie  Rominski.IT  security 
officer  for  Regis  Salons. 

The  beauty  salon  group  has  about  8,000  cor¬ 
porate  and  franchise  locations,  most  of  which 
still  use  point-of-sale  (POS)  dial-up  machines. 
But  Regis  Salons  is  updating  its  network  look 
with  plans  for  a  shared  Web  portal  for  business 
purposes  and  an  Internet-based  POS  system 
that  may  include  wireless  LANs  in  the  salons. 

PCI  rules  for  wireless  indicate  there  needs  to 
be  a  segmented  network,  Rominski  points  out, 
noting  “The  PCI  Data  Security  Standard  recog¬ 
nizes  segmentation  as  a  firewall.”  He  adds  that 
means  each  salon,  if  it  uses  wireless,  will  likely 
also  install  a  firewall  to  be  able  to  comply  with 
PCI  DSS.  ■ 
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says  one  tough 
challenge  has  been 
getting  VoIP 
phones  to  work 
optimally  on  the 
school's  wireless 
network. 
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FutureNet  2009:  IPv6  is  coming 

IPv6  poses  economic,  security  challenges  for  companies 


BY  BRAD  REED 

BOSTON  —  Although  many  businesses  say 
they  see  no  economic  advantage  to  deploying 
IPv6  over  their  networks,  several  panelists  at 
this  year’s  FutureNet  show  said  that  they  soon 
may  not  have  a  choice. 

IPv6  is  a  next-generation  Internet  layer  pro¬ 
tocol  that  was  designed  by  the  IETF  to  solve 
the  problem  of  IP  address  depletion  under  the 
current  Internet  layer  protocol,  IPv4  (see  relat¬ 
ed  story  page  18).  John  Curran,  the  chairman 
of  the  board  of  trustees  at  the  American 
Registry  for  Internet  Numbers,  said  the  Inter¬ 
net  will  run  out  of  IPv4  addresses  if  they  con¬ 
tinue  to  be  used  at  their  current  pace.  Need¬ 
less  to  say,  Curran  thinks  this  will  cause  some 
significant  problems. 

“On  the  day  when  we  run  out  of  addresses, 
none  of  you  are  going  to  notice  it  on  that  day 
but  it’s  the  months  that  follow  that  turn  out  to 


Juniper’s  SRX  210  features  an  expan¬ 
sion  slot  for  a  variety  of  LAN,  WAN  and 
wireless  interfaces. 


Juniper 

continued  from  page  12 

the  SIP  gateway  as  interoperable  with  any  ven¬ 
dor,  however. 

These  systems  will  go  up  against  Cisco’s  In¬ 
tegrated  Services  Router  portfolio,  which  has 
enjoyed  considerable  success  in  the  market 
since  their  introduction  in  2004. The  100  costs 
about  $700,  while  the  210,  240  and  650  are 
priced  at  roughly  $1,100,  $3,000  and  $16,000, 
respectively 

TTne  new  EX  switch  is  called  the  EX  2200.  It  is 
a  fixed  configuration  device  with  24  or  48 
lO/lOO/lOOOBase-T  Ethernet  ports,  and  two  of 
the  four  models  support  Power  over  Ethernet 
(PoE)  for  VoIP  installations.All  models  provide 
four  SFP  uplinks,  Layer  2  forwarding  and  the 
Routing  Information  Protocol  in  the  base 
license,  and  Layer  3  in  an  “enhanced”  license. 

Each  switch  consumes  about  2  watts  per 
port,  including  the  PoE  ports,  Juniper  says. 

Juniper  is  also  expected  to  roll  out  an  auto¬ 
mated  technical  support  service  for  all  of  its 
JUNOS-based  devices.  This  is  designed  to 
deliver  automated  incident  management  and 
proactive  analysis  assistance  to  remote 
JUNOS  devices  and  users  from  Juniper  tech¬ 
nical  assistance  center  servers.* 


be  the  problem,”  he  said  at  last  week’s  Future 
Net  conference  in  Boston.“Backbones  are  not 
going  to  be  able  to  add  customers  unless  they 
find  more  address  space...  the  pieces  you 
deal  with  are  going  to  be  smaller  and  the  rout¬ 
ing  table  is  going  to  pay  the  price.” 

The  trouble  that  IPv6  advocates  have  run 
into  so  far,  however,  is  that  individual  business¬ 
es  right  now  don’t  see  the  logic  in  investing 
time  and  money  in  IPv6  deployment  during  a 
recession  in  which  they  have  far  more  press¬ 
ing  and  immediate  needs.  Or  as  Curran  put  it 
at  FutureNet, “People  don’t  see  what  they  need 
before  they  actually  need  it.” 

Joda  Schaumberg,  the  director  of  unified 
collaboration  services  for  Global  Crossing, 
said  during  a  FutureNet  panel  that  his  whole 
company  has  seen  a  “significant  increase”  in 
IPv6  ports  and  traffic  growth,  it  has  had  trouble 
educating  enterprise  customers  about  why 
IPv6  deployment  is  so  important  to  their  long¬ 
term  health. 

“I  was  in  front  of  a  CIO  yesterday  and  I  asked 
him  whether  deploying  IPv6  was  on  his  short, 
medium  or  long-term  list  of  priorities,”  he  said. 
“But  it  wasn’t  even  on  his  radar” 

The  security  implications  of  IPv6 

Scott  Hogg,  who  is  also  the  coauthor  of  the 
Cisco-approved  IPv6  Security  guidebook  and 
a  regular  contributor  to  Network  World’s  Cisco 
Subnet  blog,  told  FutureNet  attendees  that 
IPv6  could  pose  major  security  problems  for 
their  networks  even  if  they  hadn’t  yet  deployed 
the  new  Internet  layer  protocol.  This  is  be¬ 
cause  operating  systems  such  as  Vista  and 
Linux  are  already  IPv6  capable  and  thus  any 
networks  that  use  these  operating  systems 
might  be  handling  IPv6  traffic  without  their 
operators’  knowledge. 

Additionally  one  way  that  IPv6  addresses 
connect  to  each  other  over  IPv4  networks  is 
through  encapsulating  IPv6  data  in  IPv4  pack¬ 
ets  and  then  “tunneling”  through  the  older  net¬ 
work.  Because  the  typical  firewall  is  unable  to 
unwrap  these  IPv4  capsules  to  inspect  the  traf¬ 
fic  inside,  Hogg  said  that  could  be  a  way  for 
hackers  to  break  into  networks. 

“The  firewalls  don’t  look  closely  enough  at 
encapsulated  packets  because  the  typical  fire¬ 
wall  today  has  nothing  capable  of  opening  up 
the  capsule,”  he  said.  “Some  vendors  are  start¬ 
ing  to  work  together  on  this  problem  but  they 
aren’t  there  yet.” 

Hogg  also  said  creating  dual-stack  transition 
networks  that  run  both  IPv4  and  IPv6  can  cre¬ 
ate  vulnerabilities  for  networks  because  they 
can  become  vulnerable  to  attacks  with  either 
IPv4  or  IPv6  traffic.  He  said  any  enterprise 
building  a  dual-stack  network  should  make 
sure  that  it  is  secure  before  switching  on  any 


IPv6  capabilities.  This  means  securing  the  net¬ 
work  perimeter  first,  hardening  network 
devices  and  building  the  IPv6  network  first 
from  the  core  and  then  out  to  the  edges. 

“In  a  lot  of  ways  it’s  very  similar  to  what  you 
do  to  secure  an  IPv4  network,”  he  said.  “The 
migration  strategy  should  be  going  from  the 
core  on  out.” 

IPv6  only  solves  part  of  the  problem 

Even  if  every  business  and  ISP  were  to  suc¬ 
cessfully  deploy  IPv6  over  their  network 
tomorrow,  it  still  wouldn’t  solve  certain  fun¬ 
damental  problems  with  the  scalability  of 
Internet  routing. 

The  IETF  acknowledged  these  problems 
earlier  this  year  when  it  formed  a  working 
group  designed  to  address  the  scalability 
problems  caused  by  multihoming,  the  prac¬ 
tice  whereby  customers  look  to  increase  the 
reliability  of  their  Internet  connection  by 
splitting  their  traffic  over  multiple  carriers. 
Multihoming  can  become  a  problem 
because  it  can  increase  the  size  of  routing 
tables  to  such  a  point  that  it  will  overwhelm 
router  hardware. 

Tom  Nadeau,  a  senior  network  architect  for 
BT,  estimated  that  “we  have  15  years  to  fix  the 
routing  problem  or  we’re  going  to  need  IPvl2.” 

Doug  Junkins,  the  vice  president  of  IP 
Engineering  for  NTT  America,  said  while  the 
problem  with  routing  scalability  is  very  real,  it 
is  still  vital  to  at  least  start  deploying  IPv6  now 
in  order  fix  the  more  immediate  addressing 
problem. 

“IPv6  adoption  is  solving  one  part  of  the 
overall  problem,  but  there’s  going  to  need  to 
be  follow-up  developments,” he  said.  “My  hope 
is  that  by  deploying  IPv6  we  will  help  ease  the 
transition  to  fixing  the  routing  architecture  in 
the  future  without  having  to  fix  the  address 
side  of  the  equation  again.”* 
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AppZero  debuts  server  app  tool 

Microsoft  working  on  similar  technology,  but  no  ship  date  set 


BY  JOHN  FONTANA 

AppZero  last  week  released  a  Windows  ver¬ 
sion  of  its  server  application  virtualization 
tools,  handily  beating  Microsoft  out  the  door 
with  a  technology  designed  to  help  users  more 
easily  move  server  applications  between  inter¬ 
nal  and  cloud  platforms. 

The  maker  of  AppZero  4.0  is  part  of  a  small 
list  of  vendors  offering  application  isolation 
and  encapsulation  technology,  which  sepa¬ 
rates  the  application  from  the  underlying  oper¬ 
ating  system.  Users  can  package  the  applica¬ 
tion  with  all  its  relevant  parts  and  lift  it  off  its 
existing  underlying  operating  system  and  link 
it  to  a  similar  operating  system  running  in  the 
same  or  another  environment. 

Microsoft  last  week  demonstrated  similar 
technology  it  is  working  on,  but  it  has  not 
announced  a  ship  date,  what  the  software  will 
be  called  or  how  it  will  be  packaged. 


AppZero  (formerly  Trigence)  already  has  ver¬ 
sions  of  its  software  for  Linux  and  Solaris,  but 
despite  the  4.0  version  number  AppZero  for 
Windows  is  the  company’s  first  support  for  the 
Microsoft  platform. 

With  AppZero  users  create  a  Virtual  Appli¬ 
cation  Appliance  (VAA)  that  basically  includes 
all  the  software  and  configuration  fields  that 
make  up  the  application  and  the  associated 
data.  The  application  can  then  be  moved  to 
another  environment  without  the  user  having 
to  write  any  code.  The  VAA  contains  nothing 
from  the  operating  system  so  users  don’t  have 
to  consider  Windows  licensing  issues. 

The  AppZero  XML  Creation  Editor  is  used  to 
build  the  VAA  and  a  Snapshot  tool,  which  helps 
create  a  template  for  creating  a  VAA.  What 
users  end  up  with  is  a  library  of  application 
appliances  that  can  be  deployed  nearly  on- 
demand. 


“You  have  to  see  this  in  terms  of  IT  shops 
moving  toward  the  cloud,”  says  Rachel  Chal¬ 
mers,  an  analyst  at  The  451  Group.  She  says  IT 
directors  are  faced  with  departments  that  are 
comparing  the  weeks  it  typically  takes  for  IT  to 
get  a  server  up  and  running  internally  to  Ama¬ 
zon’s  EC2  cloud  environment  and  looking  at 
“five  seconds  and  a  credit  card.” 

“That  is  one  driver  pushing  IT  directors  to 
build  cloud  infrastructure  internally  but  they 
are  also  looking  at  being  able  to  provision 
applications  either  to  an  internal  server  or  with 
a  cloud  provider’’  Chalmers  says. 

That  is  where  AppZero  fits  in  along  with  sim¬ 
ilar  competitors,  such  as  rPath,  Cohesive  Flex¬ 
ible  Technologies,  Enomaly  and  Fast  Scale 
Technology 

AppZero  4.0  offers  64-bit  infrastructure  sup¬ 
port  for  Windows  2003  and  2008  servers  and 
pricing  starts  at  $500  per  VAA.  ■ 


Multi-gigabit  wireless  spec  speeds  along 


BY  JOHN  COX 

Seventeen  chip  makers,  consumer  electron¬ 
ics  companies  and  one  software  vendor, 
Microsoft,  have  banded  together  to  create  a 
standard  for  multi-gigabit,  short-range  wire¬ 
less  networking. 

The  new  spec  by  Gigabit  Wireless  Alliance 
(WiGig)  is  all  about  speed:  using  the  60GHz  fre¬ 
quency  to  achieve  a  data  rate  of  up  to  6Gbps, 
with  actual  maximum  throughput  of  just  over 
5Gbps.  A  low-power  option,  aimed  at  mobile 
and  battery-powered  devices,  will  have  a  mini¬ 
mum  throughput  of  lGbps.That  compares  to 
about  150M  to  180Mbps  throughput  for  today’s 
typical  802. 1 1  n  WLAN  using  three  transmit  and 
three  receive  antennas. 

The  Alliance  plans  to  have  the  first  draft  of 
the  spec  available  by  year-end. 

The  60GHz  band  has  been  the  focus  of  much 
recent  research  and  technology  demonstra¬ 
tions  over  the  past  two  years.  In  early  2008,  the 
WirelessHD  consortium  unveiled  a  specifica¬ 
tion  for  streaming  high  definition  video,  for 
example  between  a  BluRay  disc  player  and  a 
flat  screen  TV  Last  year,  Australian  researchers 
showed  a  CMOS  chip  that  bettered  the  perfor¬ 
mance  of  the  WirelessHD  silicon  from 
SiBeam. 

The  WiGig  spec  will  use  the  60GHz  band, 
which  is  an  unlicensed  frequency  available 
worldwide,  a  key  consideration  for  product 
vendors  seeking  global  markets.  Just  as  impor¬ 
tant,  the  frequency  has  been  allocated  a  big 
chunk  of  bandwidth:  7GHz  in  the  United 
States,  and  as  much  as  9GHz  in  some  other 
countries,  says  Bill  McFarland,  CTO  for  chip- 


maker  Atheros  Communications,  one  of  the 
founding  WiGig  members. 

“Because  we  can  use  such  a  large  swath  of 
the  spectrum,  we  can  get  very  high  data  rates,” 
he  says.  Among  other  things,  those  frequency 
characteristics  would  let  WiGig  radios  stream 
uncompressed  high  quality  video. 

The  60GHz  band  also  is  largely  unused,  com¬ 
pared  for  example  with  the  2.4GHz  band, 
which  is  crowded  with  802.1  lb/g,  Bluetooth, 
microwave,  and  other  applications.  The  multi¬ 
gigabit  link  could  be  used  for  storing  video  on 
network-attached  storage  and  streaming  it  to  a 
flat  panel  display  or  PC,  transferring  lots  of 
images,  and  synchronizing  hard  drives 
between  devices. 

A  wide  range  of  products  could  make  use  of 
it.  Alliance  members  see  WiGig  radios  being 
integrated  with  a  wide  range  of  computer,  net¬ 
working,  and  consumer  electronics  products, 
including  mobile  devices.  Because  of  the  high¬ 
er  frequency  the  radios  based  on  the  WiGig 
spec  would  have  limited  range,  being  used  to 
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interconnect  devices  in  a  single  room. 

The  alliance  members  will  be  actively  in¬ 
volved  in  the  work  of  the  IEEE’s  802.1  lad  task 
group,  which  was  recently  formed  to  draft  a 
multi-gigabit  WLAN  standard  for  60GHz. 
Alliance  members  foresee  a  seamless  handoff 
between  the  short-range  60GHz  connections 
and  today’s  longer-range  Wi-Fi  access  points, 
which  can  cover  an  entire  home. 

Eventually  the  multi-gigabit  802.1  lad  stan¬ 
dard  will  support  WLAN  connections  in  the 
2.4,  5,  and  60GHz  bands  all  on  a  single  chip, 
says  Mark  Grodzinsky  vice  president  of  market¬ 
ing  for  Wilocity  a  start-up  and  a  WiGig  founder. 

The  initial  board  of  directors  is  drawn  from 
13  founding  companies,  including  leading 
chip  vendors  like  Atheros,  Broadcom  and  Intel, 
computer  companies  such  as  Dell, and  makers 
of  mobile  devices  and  consumer  electronics 
like  LG  Electronics,  Nokia  and  Panasonic. 
There  are  four  other  “contributors”,  all  chip 
vendors,  including  NXP  and  STM  Electronics. 

The  alliance  plans  to  work  closely  with  the 
recently  launched  IEEE  802.1  lad  task  group, 
which  has  begun  work  on  a  formal  multi-giga¬ 
bit  WLAN  standard  based  on  the  60GHz  band. 

An  array  of  companies  has  been  demon¬ 
strating  short-range,  gigabit  connectivity,  for 
example,  wirelessly  streaming  high-definition 
video  to  a  big  flat  panel  display 

The  alliance  is  an  effort  to  unite  as  wide  a 
range  of  vendors  as  possible  behind  a  unified 
standard,  McFarland  says.The  alliance  plans  to 
ensure  interoperability  among  a  highly  diverse 
group  of  products  through  a  full  testing  and 
certification  program.  ■ 
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The  Internet  sky  really  is 

Many  folks  are  familiar  with  the  modeling 
we’ve  done  over  the  past  few  years  high¬ 
lighting  that  Internet  demand  is  outstrip¬ 
ping  access  capacity  The  findings  were,  to  put  it 
mildly  controversial:  We’ve  been  called  every¬ 
thing  from  carrier  shills  to  nut-jobs.  (No,  the 
research  wasn’t  sponsored.) 

The  bottom  line?  We  were  right.YouTube 
recently  announced  it’s  discontinuing  video 
delivery  to  certain  geographies  because  of  lack 
of  access  capacity  And 
providers  from  telcos  to 
cable  companies  are 
implementing  “usage 

caps”  to  keep  users  from,  er,  consuming  “too 
much”  bandwidth. Seems  the  only  thing  we  got 
wrong  was  the  timing  — we  anticipated  the 
crunch  hitting  in  the  201 1/2012  timeframe,  but 
we’re  seeing  it  happening  already. 

Time  for  the  really  bad  news.  Access  capacity 
shortage  isn’t  the  only  —  or  even  the  worst  — 
problem  facing  the ‘Net.  IP  itself  is  nearing  end-of-life,with  no  ready 
alternative.  Pretty  much  everyone’s  aware  that  we’re  running  out  of  IPv4 
addresses  at  an  alarming  rate,  and  despite  more  than  a  decade  of  mas¬ 
sive  promotion,  IPv6  deployments  are  a  tiny  fraction  of  what  they 
would  have  to  be  to  meet  the  gap.  A  few  people  are  also  aware  that 
due  in  part  to  increased  multihoming,  routing  table  sizes  are  increasing 
dramatically  to  the  point  where  they’ll  exceed  Moore’s  Law’s  ability  to 
keep  up.  (IPv6  actually  makes  this  problem  worse,  although  how  much 
so  is  a  matter  for  debate.) 

As  described  in  a  paper  presented  at  the  January  NANOG:  For  service 


falling 

providers,  the  Internet  is  about  to  become  a  lot  more  expensive  to 
deploy  and  operate;  for  users,  the  Internet  is  about  to  become  a  lot  less 
reliable  and  a  lot  more  expensive  (and  balkanized). 

It  gets  worse:  There’s  no  clear  fix.  Next-generation  Internet  projects 
have  come  and  gone  over  the  years,  with  little  real  success.  Several  pro¬ 
jects  are  underway  but  they’re  nowhere  near  complete.The  approach 
with  the  greatest  momentum  at  the  moment  is  Location/ID  Separation 
Protocol  (LISP), developed  by  some  of  the  brightest  people  in  the  ‘Net, 
and  supported  by  Cisco.  Another  is  referred  to  as  PNA,  or  Patterns  in 
Network  Architecture,  after  the  eponymous  book  by  its  inventor,  John 
Day  PNA  is  promoted  by  the  Pouzin  Society 
named  after  Louis  Pouzin,  French  inventor  of 
the  datagram,  which  held  its  first  meeting 
recently  at  the  FutureNet  conference  in  Boston. 
There’s  also  the  Trilogy  project,  a  European  aca¬ 
demic  collaboration. 

But  none  of  these  projects  are  far  enough 
along  to  address  the  looming  crisis. There’s  a 
prototype  implementation  of  LISPbut  nothing  in 
production.  PNA  defines  an  architecture,  but 
lacks  an  implementation.  And  Trilogy  is  in  the 
relatively  early  stages  of  setting  up  collaborative  working  groups  —  an 
actual  architecture,  much  less  an  implementation,  is  a  ways  off. 

I’m  fairly  confident  the  current  challenges  will  be  met,  because  there 
are  enough  bright  minds  concentrated  on  the  problem,  and  at  least 
one  potential  architecture  exists.  But  buckle  your  seatbelts  because 
there’s  likely  to  be  turbulence  ahead. 

Johnson  is  president  and  senior  founding  partner  at  Nemertes 
Research,  an  independent  technology  research  firm.  She  can  be  reached 
at  johna@nemertes.com. 
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The  good  cyberattack 

Two  weeks  ago  I  wrote  about  methods  by 
which  law  enforcement  could  cyber-target 
individual  miscreants.  Since  then,  the 
National  Research  Council  (NRC)  of  the 
National  Academies  of  Science  has  published 
a  report  on  a  whole  different  scale  of  cybertar¬ 
geting:  It  deals  with  policy  issues  of  the  United 
States  mounting  cyberattacks  on  groups  of 
cyberterrorists  or  on  countries. 

As  is  generally  the  case  with  NRC  reports,  the 
one  titled  “Technology  Policy  Law,  and  Ethics 
Regarding  U.S.  Acquisition  and  Use  of 
Cyberattack  Capabilities”  is  very  well  balanced.  The  statement  of  the 
committee’s  task  starts: “The  National  Research  Council  will  appoint  an 
ad  hoc  committee  to  examine  policy  dimensions  and  legal/ethical 
implications  of  offensive  information  warfare.”This  report  does  not  pro¬ 
vide  a  road  map  on  how  to  conduct  cyberwarfare.  Instead,  it  examines 
the  “many  questions  and  issues”  associated  with  the  officially  sanc¬ 
tioned  use  of  cyberattacks. 

The  report  presents  22  findings  and  makes  12  specific  recommenda- 
tions.The  findings  include  the  obvious  —  that  “private  parties  have  few 
useful  alternatives  for  responding  to  a  severe  cyber  attack” —  to  the 
hidden,  that  “both  the  decision-making  apparatus  for  cyber  attack  and 
the  oversight  mechanisms  for  that  apparatus  are  inadequate  toda/The 
recommendations  are  not  all  ones  that  most 
governments  would  much  like  because  they 
address  the  need  to  “conduct  a  broad,  unclas¬ 
sified  national  debate  and  discussion  on 
cyberattack  policy^’  and  that  policymakers 
“should  apply  the  moral  and  ethical  principles 
underlying  the  law  of  armed  conflict  to  cyber- 
attack.’Talking  about  military  techniques  and 
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strategies  in  public  is  just  not  done. 

On  the  defensive  side,  some  discussion  seems  to  be  happening. The 
National  Journal  magazine  is  reporting  that  the  United  States  is  devel¬ 
oping  a  Defense  Industrial  Base  initiative  in  which  the  government 
tries  to  help  companies  better  protect  their  —  and  sometimes  govern¬ 
ment  —  information,  such  as  the  plans  for  the  Joint  Strike  Fighter. 

One  problem  with  cyberattacks  is  that  there  is  little  government- 
specific  response  about  them.  A  handful  of  hackers  can  put  together 
as  powerful  an  attack  using  a  botnet  as  a  government  can  with  all  its 
might  and  money. That  is,  unless  the  government  has  the  cooperation 
of  a  major  software  company  or,  as  I  talked  about  two  weeks  ago, 
antivirus  companies. 

Barring  such  arrangements,  which  clearly  not  all  governments 
could  have,  the  folks  making  money  off  spam  have  reason  to  hack 
into  our  computers  and  turn  them  into  zombies  to  do  their  bidding. 
Any  government-managed  cyberattack  system  would  need  to  have 
some  of  the  same  characteristics  of  the  spammers’  approach  —  at 
least  the  hacking  and  subverting  parts.  Of  course,  attacks  could  not 
just  come  from  a  few  machines  because  they  could  be  easily 
blocked,  so  a  government-blessed  attack  could  look  a  whole  lot  like 
one  from  a  bad  guy. The  dialogue  that  the  NRC  report  calls  for  will 
need  to  explain  how  they  are  different. 

Disclaimer:  Students  at  a  number  of  Harvard  schools,  including  busi¬ 
ness  and  law,  are  taught  to  try  to  differentiate  between  actions  that  may 

look  the  same  but  are  not. 

But  as  far  as  I  know,  none  of  them  has  pro¬ 
vided  an  opinion  on  a  description  of  a  good 
cyberattack. 


Subscribe  to  our  free  newsletter: 

www.nwdocfinder.com/1017 


Bradner  is  Harvard  University’s  technology 
security  officer.  He  can  be  reached  at 
sob@sobco.com. 
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TECH  UPDATE 

An  inside  look  at  technologies  and  standards 


Migrating  to  all-IP  video  surveillance 


BY  FABRIZIO  COLCIAGO 

IP  video  surveillance  is  becoming  the  security  solution  of  choice  due 
to  the  latest  H.264  compression  technology  and  declining  prices  for  IP 
cameras.The  converged  world  of  voice,  video  and  data  has  arrived. 


I 


All-IP  video  security  leverages  your  invest¬ 
ment  in  network  infrastructure,  and  is  simpler, 
more  elegant  and  accessible  to  users  across 
the  enterprise.  In  many  cases,  it  also  is  more 
cost-effective  than  a  conventional  video  sur¬ 
veillance  system  with  analog  cameras  and  dig¬ 
ital  video  recorders. 

Using  IP  cameras,  video  management  soft¬ 
ware  (VMS)  running  on  industry-standard 
servers  and  network-area  storage  systems, 
you  can  maximize  the  value  of  your  invest¬ 
ment  in  network  infrastructure  and  standard¬ 
ize  on  servers  across  your  enterprise,  en¬ 
abling  efficiencies  in  training,  administration 
and  support. 

But  all-IP  video  isn’t  for  everyone.  It  makes 
most  sense  in  expansive,  greenfield  applica¬ 
tions  requiring  a  large  number  of  cameras. 
University  campuses,  shopping  and  entertain¬ 
ment  complexes,  hospitals,  hotels,  airports,  big 
box  stores,  warehouses  and  office  towers  are 
examples  in  which  all-IP  video  security  is  a 
no-brainer.  However,  bringing  video  security 
onto  your  IP  network  is  far  from  an  all-or-noth¬ 
ing  proposition.  Using  advanced  video  secur¬ 
ity  technology, you  can  evolve  toward  an  all-IP 
configuration  at  a  pace  that  makes  sense  for 
your  environment. 

Take,  for  example,  a  university  campus  with 
several  buildings  under  construction.  It  can 
take  advantage  of  the  cost  efficiencies  of  a  con¬ 
verged  voice,  video  and  data  system  in  the  new 
buildings  and  continue  to  leverage  its  invest¬ 
ment  in  legacy  video  security  infrastructure  in 
existing  buildings.  Common  VMS  software  can 
be  used  to  operate  the  resulting  hybrid  video 
surveillance  system. 

You  don’t  have  to  rip  and  replace  analog 
cameras  and  coaxial  cable  until  you’re  ready 
to  do  so. You  can  even  progress  along  the  tech¬ 
nology  migration  path  in  your  existing  build¬ 
ings  if,  for  example,  you  wish  to  install  a  high- 
resolution  IP  camera  in  a  strategic  location, 
integrate  with  other  building  systems  such  as 
fire  alarm  and  access  control  systems,  or  de¬ 
ploy  advanced  video  analytics  that  can  alert 
security  staff  in  real-time  to  unusual  activity 

There  is  no  single,  IP  video  solution  or  ideal 
configuration.  For  example,  if  you  have  a  dis¬ 
tributed  organization  with  hundreds  of  smaller 
sites  spanning  a  large  geographic  area,  coaxial 
cable  and  networked  video  recorders  might 
make  more  sense  for  recording  video  at  rela¬ 
tively  low  frame  rates.  An  all-IP  configuration, 


however,  may  be  the  most  cost-effective  solu¬ 
tion  if  you  need  very  high  resolution  video  or 
the  intelligence  available  from  advanced  video 
analytic  applications. 

Other  IP  video  benefits  include  the  ability  to 
access  remote  locations  via  your  LAN  or  WAN 
and  centralize  security  monitoring  instead  of 
stationing  guards  at  each  site.  Furthermore, 
with  VMS  software  running  on  industry-stan¬ 
dard  servers,  an  all-IP  system  can  be  managed 
easily  by  your  existing  IT  staff. 

An  IP  video  environment  also  lets  you  lever¬ 
age  video  for  uses  other  than  security  An  IP 
video  system  can  be  used  to  support  marketing 
activities  and  operational  management.  For 
example,  in  an  airport  terminal, supervisors  can 
employ  a  queue  length  monitoring  analytic  to 
identify  when  passenger  lineups  exceed  a  pre¬ 
determined  threshold  and  open  another 
check-in  station  to  better  serve  customers. 

Another  advantage  of  hybrid  and  all-IP  video 
surveillance  systems  is  the  ability  to  streamline 
the  management  of  user  profiles  and  permis¬ 
sions  across  the  enterprise.  Integrating  VMS 
software  with  applications  such  as  Microsoft 
Active  Directory  allows  you  to  set  up  user  per¬ 
missions  for  your  video  surveillance  system 
and  other  IT  security  applications.  If  someone 
leaves  the  organization,  takes  a  sabbatical  or 
gets  married  and  changes  their  name,  you 
don’t  have  to  remember  to  delete  or  update 
user  profiles  and  permissions  in  multiple  data¬ 
bases.  This,  in  turn,  eliminates  errors  and  tight¬ 
ens  security 

Potential  concerns  about  the  impact  of  all 
this  high-resolution  video  on  the  corporate  net¬ 
work  is  addressed  by  modern  IP  video  solu¬ 
tions.  Advanced  compression  technologies, 
such  as  H.264,  reduce  bandwidth  and  storage 
requirements  considerably 

Administrators  can  also  configure  an  IP 
video  system  to  capture  and  store  video  at  a 
lower  frame  rate  and  then  bump  up  that  frame 
rate  automatically  on  alarm. Taking  advantage 
of  intelligent  features  available  with  most  sys¬ 
tems  allows  you  to  transmit  video  only  upon  a 
specific  event,  such  as  motion  detected  in  an 
office  building  after  normal  business  hours.  In 
addition,  some  video  surveillance  systems  let 
you  set  bandwidth  usage,  limiting  the  video 
streaming  along  the  network  to  a  fixed  bit  rate 
to  ensure  core  business  data  is  never  compro¬ 
mised.  Finally  bandwidth  usage  can  be  man¬ 
aged  through  the  selection  of  IP  cameras  and 


encoders  with  internal  SDHC  flash  memory 
cards  that  enable  video  capture  at  the  net¬ 
work’s  edge. 

When  video  analytics  were  introduced  sev¬ 
eral  years  ago,  their  performance  often  did  not 
match  manufacturers’  claims. Today  however,  a 
number  of  proven  analytics  are  widely  used. 
These  advanced  applications  represent  a  com¬ 
petitive  advantage  for  organizations  and  are 
increasingly  considered  essential  for  critical 
infrastructure  security 

There  are  three  broad  classes  of  video  ana¬ 
lytics  available.  Diagnostic  analytics  alert  sys¬ 
tem  administrators  to  blocked  camera  views  or 
scene  changes  that  may  be  indicative  of  tam¬ 
pering  or  obstructions.  If  a  camera  is  dislodged 
from  its  housing,  spray  painted,  moved  or 
blocked,  for  example,  the  analytics  will  trans¬ 
mit  an  alarm  and  allow  security  personnel  to 
rectify  the  problem  with  minimal  delay 

The  second  class  of  analytics  is  security- 
related  and  more  complex  to  set  up,  but  well 
worth  the  effort.  These  tools  can  automatically 
alert  security  staff  to  suspicious  events, such  as 
a  perimeter  breach,  an  unattended  bag  or  a 
person  loitering  in  an  automated  teller 
machine  vestibule. 

The  third  category  is  behavioral  analytics, 
such  as  people  counting  or  queue  length 
monitoring,  which  provide  organizations  with 
valuable  operational  intelligence  and  metrics 
that  marketing  teams  or  senior  management 
can  use  to  increase  sales  and  improve  cus¬ 
tomer  service. 

The  convergence  of  voice,  video  and  data 
won’t  happen  overnight.  The  investment  in 
legacy  CCTV  systems  and  the  resources 
involved  in  replacing  them  will,  in  many  cases, 
dictate  a  phased  migration  to  hybrid  video 
configurations  that  can  serve  as  a  bridge  to  the 
inevitable  all-IP  future. 

To  determine  the  best  path  to  IP  video  for 
your  organization,  take  the  same  approach  you 
would  with  any  technology  infrastructure. 
Develop  a  long-term  road  map  with  a  phased 
implementation  that  takes  into  account  your 
surveillance  infrastructure,  future  video  re¬ 
quirements  and  budgetary  realities.  Do  your 
research,  conduct  a  thorough  trial  and  evalua¬ 
tion  and,  by  all  means,  ask  for  references. 

Colciago  is  March  Networks’  CTO  and  man¬ 
aging  director  of  operations  in  Europe,  the 
Middle  East  and  Africa. 


This  vendor-written  tech  primer  has  been 
edited  by  Network  World  to  eliminate  prod¬ 
uct  promotion,  but  readers  should  note  it 
will  likely  favor  the  submitter's  approach. 
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Debugging  the  Interwebs 


GEARHEAD 

Mark  Gibbs 


e  start  this  week  with  an  interesting  ques¬ 
tion  from  my  friend  Dan  O’Neill  who 
manages  some  16,000  networked 
embedded  Linux  servers  around  the  world 
(how  cool  is  that?)  as  part  of  his  business. 

His  problem:“Where  can  I  find  a  live  or  nearly 
live  discussion  of  network  outage  problems? 
The  unofficial  #nanog  [North  American  Net¬ 
work  Operators  Group]  IRC  channel  has  been 
overrun  with  kiddies  for  years  so  that’s  not  valuable  anymore. 

“At  8:30  p.m.  PDT  1  noticed  that  transit  across  the  Internet  was  excep¬ 
tionally  slow.  Keynote  reported  problems  between  Cogent,  Internap,  XO 
and  others  with  packet  loss  between  3.5%  and  6%.  By  9  p.m.  the  problem 
was  worse,  with  Sawis  and  Qwest  reporting  similar  loss  percentages.  At 
2  a.m.  Friday  Internap  and  Qwest  are  reporting  6.5%  packet  loss. 

“I  smell  a  [distributed]  DoS  problem  on  the  greater  Interwebs  but  can 
find  no  discussion  of  the  issue  anywhere.  Google  search  of  the  Web  and 
blogs  also  shows  no  conversations.  Pointers  to  the  real-time  Web  of  use 
ful  conversations  about  Internet  status  would  be  appreciated.” 

Anyone  got  any  good  suggestions  for  O’Neill? 

My  other  topic  for  this  week  comes  from  some  development  work  I’ve 
been  doing  using  SAP’s  Xcelsius  (1  discussed  the  last  update  of  this 
product  a  few  weeks  ago). 

I  was  having  a  problem  understanding  the  actual  content  of  HTTP  re 
quests  I  was  sending  from  my  Xcelsius  model  and  what  I  was  getting 
back.  The  gods  of  development  must  have  been  watching  over  me 
because  just  as  I  thought,' There  must  be  a  really  good  monitoring  proxy 
for  this  kind  of  stuff,”  my  friend  Rumico,  who  runs  the  excellent 
Everything  Xcelsius  Web  site,  posted  an  article  on  the  Linkedln  Xcelsius 
Gurus  group  about  a  tool  called  Fiddler. 


Fiddler,  written  by  Eric  Lawrence,  is  described  as  “a  Web  Debugging 
Proxy  which  logs  all  Secure-HTTP  traffic  between  your  computer  and 
the  Internet.  Fiddler  allows  you  to  inspect  all  HTTP(S)  traffic,  set  break¬ 
points,  and  'fiddle’ with  incoming  or  outgoing  data.” 

Fiddler,  which  is  for  Windows  only  can  be  used  with  any  application 
that  supports  proxying  and,  best  of  all,  it’s  free.  Installation  is  simple  and 
Internet  Explorer  gets  a  Fiddler  option  in  the  tools  menu  while  Firefox 
gets  a  Fiddler  menu  embedded  in  its  status  bar.  The  left  panel  of  the 
Fiddler  interface  lists  all  the  captured  transactions  that  have  been  rout¬ 
ed  (these  can  also  be  saved  and  reloaded)  and  clicking  on  a  single 
transaction  in  the  list  displays  a  detailed  analysis  on  the  user  interface’s 
right  panel. 

This  analysis  includes  statistics  for  either  a  single  or  all  transactions,  an 
auto-responder  that  will  replay  saved  responses  to  specific  requests,  a 
tool  for  hand-constructing  responses,  filtering  to  exclude  specific  trans¬ 
actions,  a  very  powerful  event-driven  scripting  language,  and  a  whole 
slew  of  content  inspectors,  which  include  a  breakdown  of  the  request 
header,  a  text-only  view,  a  hexadecimal  view,  an  analysis  of  authoriza¬ 
tions  used,  a  “raw”  or  uninterrupted  view,  and  an  XML  interpretation. 

There’s  a  timeline  view  that  is  handy  when  filtering  is  used  as  the 
graphical  entries  are  linked  to  the  actual  transactions  they  represent, that 
lets  you  jump  to  the  detailed  analysis  of  any  transaction. 

Add-ons  are  also  available  from  both  the  author  and  third  parties  and 
include  custom  inspectors  to  provide  syntax  highlighting  for  Fiddler- 
Script  (Fiddler’s  scripting  language),  HTML,  JavaScript  and  XML  as  well 
as  a  content  blocker  and  an  image  gallery  (this  fetches  and  displays  all 
images  found  in  the  selected  transactions). 

Fiddler  is  a  gem  of  a  tool.  I’ll  give  Fiddler  5  out  of  5. 

Gibbs  can  be  reached  at  gearhead@gibbs.com. 


Voyager  headset  goes  Pro 


The  scoop:  Voyager  PRO  Bluetooth  headset,  by 
Plantronics,  about  $100  (available  at  Plan- 
tronics.com  and  Best  Buy  through  May). 

What  it  is:  The  latest  premium 
Bluetooth  headset  by 
Plantronics,  this  noise-can- 

C00LT00LS  celinS  headset  is  designed 

to  appeal  to  mobile  profes¬ 
sionals  who  spend  a  lot  of 
time  on  their  phones  and  want  performance  and  a 
business-acceptable  look  and  feel. 

The  Voyager  PRO  is  designed  much  like  the  ear¬ 
lier,  very  popular  Voyager  510,  in  which  the  bat¬ 
tery  is  part  of  the  behind-the-ear  portion  of  the 
headset  (rather  than  have  the  bulky  part  sit  on  the 
front  of  the  headset).  This  design  creates  a  more 
comfortable  fit,  as  users  don’t  have  to  jam  some¬ 
thing  in  their  ear,  and  the  flexible  earloop  is  com¬ 
fortable.  This  allows  power  users  to  keep  their  head¬ 
set  attached  to  their  ear  all  day  without  getting  the  “I 
have  an  annoying  headset  on  my  ear”  feeling. 

Plantronics  says  the  Voyager  PRO  features  as  many  as 
six  hours  of  talk  time  and  as  many  as  five  days  in  standby 
mode,  and  offers  audio  alerts  to  the  users  when  the  battery  is  running 
low  (at  30  minutes  left,  you  get  a  “low  battery”  vocal  warning,  and  at  10 
minutes  you  get  another  warning  asking  you  to  recharge  the  battery). 
A  “mute”  function  is  aimed  at  workers  who  may  want  to  listen  to  con¬ 
ference  calls  but  not  have  their  ambient  noise  be  heard. 

Why  it’s  cool:  Noise-cancellation  features  are  almost  a  requirement 
these  days  for  a  premium  Bluetooth  headset,  and  the  Voyager  PRO 
delivers,  with  dual  noise-canceling  microphones,  Plantronics’  Audio 
1Q2  proprietary  technology  and  up  to  80  db  of  noise  cancellation. 


In  addition  to  reducing  ambient  noise,  the  Voyager  PRO  includes 
“wind  noise  reduction”,  in  which  three  levels  of  wind  noise  are 
reduced  for  users  who  want  to  talk  on  their  phones  while  out¬ 
doors.  The  headset  also  features  stainless  steel  wind  screens  and 
special  acoustic  fabric  (made  by  the  same  folks  who  make 
Gore-Tex)  to  help  separate  speech  from  the  wind.  In  my  test 
calls  with  the  headset,  nobody  complained  or  asked  if  I  was  on 
a  headset. 

The  killer  reason  to  try  this  headset  is  for  its  inbound  noise 
improvements.  Recognizing  that  communication  is  a  two-way 
street,  the  Voyager  PRO  includes  inbound  audio  quality  so  that 
the  headset  owner  can  hear  the  conversation  as  well.  With  ear¬ 
lier  noise-canceling  headsets  I’ve  tried,  the  person  on  the 
receiving  end  could  hear  my  voice  just  fine, but  I  was  strug¬ 
gling  to  hear  them.  On  the  Voyager  PRO,  the  custom 
speaker  includes  an  adaptive  20-band  equalizer 
and  self-adjusting  volume  feature 
that  adapts  to  the  noise 
lcvd  around  the  user 
The  Voyager  and  increases  or 

PRO  is  so  comfort-  decreases  the  volume 

able,  you  might  to  a  proper  level, 

forget  you  are  Some  caveats:  In  one  noisy 

wearing  it.  environment  (a  mall  food  court),  the  self- 

adjusting  volume  feature  overcompensated 
a  bit,  and  the  volume  in  my  ear  got  a  little  loud.  Also,  a  warning  —  the 
headset  is  very  comfortable  on  the  ear,  so  you  have  to  remember  to 
take  it  off  if  it’s  raining  outsiders  the  device  is  not  weather-proof. 

Grade:  ★★★★★  (out  of  five). 

Shaw  can  be  reached  at  kshaw@nww.com. 

Follow  him  on  Twitter  at  http://twitter.com/shawkeith 
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The  right  video  network  can  take  you  anywhere 


How  far  can  your  corporate  network  take  you? 

Now  more  than  ever  businesses  must  reduce  costs  while  staying  connected  with  customers,  prospects,  partners  and  colleagues. 
But  their  investments  in  high-definition  conferencing  equipment  are  being  undermined  by  the  limited  capabilities  of  their  existing 
network  providers.  MASERGY’s  global  IP  MPLS  network  is  engineered  specifically  to  support  real-time  applications,  even  across 
a  converged  corporate  network.  MASERGY  guarantees  100%  packet  delivery  for  global  voice  and  video  traffic  between  all  office 
locations,  supported  with  advanced  customer-controlled  network  management  capabilities  launched  at  the  click  of  a  mouse. 
So  whether  your  company  is  seeking  to  reduce  travel  budgets,  sales  cycles,  time  to  market  or  carbon  footprints,  MASERGY  will 
help  you  get  there, 

1-800-MASERGY  j  masergy.com 

Global  Networking  Redefined 


^MASERGY 


If  can  be.  Cool  air  is  ready  fo  roll 
with  the  MovinCool  line  of 
Office  Pro  portable  air  conditioners 


•  Simply  roll  it  in,  plug  it  in,  duct  it  out  and  turn  it  on 

•  No  costly  installation  necessary 

•  Quickly  provides  up  to  60,000  Btu/h  of  cooling 

•  Easy-to-use  24/7  programmable  controls 

•  Maximum  cooling  to  just  the  spot  that  needs  it 

•  Cools  down  to  65°F,  perfect  for  servers  and  telecom  equipment 

•  MORE  BANG  FOR  YOUR  BUCK  -  protects  against  costly  equipment 
shutdowns,  plus  our  units  are  backed  up  with  one  of  the  best  warranty 
coveraqes  in  the  business 


lo  learn  more 
visit  movincool.com 

or  coll  800-264-9573 


MCVINCOOL 


THE  #1  SPOT  COOLING  SOLUTION 

A  DENSO  product 
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INTEROP2009 

SHOW  PLANNER 

Interop  Las  Vegas  faces  chal¬ 
lenges  because  of  restricted  IT 
budgets  nationwide,  the  gener¬ 
al  down  economy  and  the 
unpredictable  impact  of  a  swine  flu  epidemic,  but  the 
show  is  forging  ahead  with  new  programs  including  a 
segment  dedicated  to  cloud  computing.  Interop's  gen¬ 
eral  manager  Lenny  Heymann  says  without  a  doubt 
Interop  Las  Vegas  2009  has  to  deal  with  some  pretty 
harsh  realities. 

But  those  who  make  it  to  the  show  will  find  a  major 
new  area  of  focus:  cloud  computing.  ‘‘This  is  the  first 
time  at  length  that  anyone’s  examined  the  use  and 
impact  of  the  cloud  within  the  enterprise,”  Heymann 
says.  “There  are  real  strengths  and  upsides  there,  and 
dangers  for  security  and  compliance." 

The  conference  runs  from  May  17-21  at  the  Mandalay 
Bay  Convention  Center.  Picking  and  choosing  among 
the  myriad  sessions  is  never  an  easy  task.  Here  we 
highlight  some  of  the  more  interesting  gatherings  and 
keynotes. 


SUNDAY  MAY  17 


iflllfMflHI 


30 -11:45  a.m. 


9: 

Removing  the  uncertainty  and 
(but  not  the  fear) 


doubt 


Businesses  are  pressured  from  the  outside  to  meet  security 
compliance  standards  such  as  the  Payment  Card  Industry  stan¬ 
dards  and  the  Health  Insurance  Portability  and  Accountability 
Act,  but  compliance  doesn't  necessarily  mean  security.  In  order  to 
protect  the  most  important  data,  businesses  have  to  rank  their 
most  valuable  assets  and  take  steps  to  protect  them. 

This  session  proposes  a  methodology  for  assessing  risk  quanti¬ 
tatively,  then  managing  it  across  an  entire  corporation.  Following 
this  model  results  in  knowing  what  data  is  most  at  risk,  what  risks 
to  mitigate  and  what  risks  to  accept,  and  how  to  impose  a  cost- 
benefit  analysis  on  risk  management.  Because  it  isn't  practicable 
for  all  data  to  receive  the  most  stringent  security,  how  should 
businesses  decide  and  justify  the  measures  taken  to  protect  dif¬ 
ferent  classes  of  data? 

This  session  is  run  by  AmitYoran,  who  was 
director  of  the  National  Cyber  Security 
Division  of  the  Department  of  Homeland 
Security  as  well  as  the  CEO  of  In-Q-Tel,  the 
venture  capital  arm  of  the  CIA  —  jobs  that 
give  him  a  unique  insight  into  evaluating 
threats  and  finding  measures  to  combat 
them.  He  is  currently  chairman  and  CEO  of 
NetWitness. 


Amit  Yoran 


i 

t 


8:30  a.m.-4:30  D.m. 

Managing  ana  securing 
mobile  devices 

This  session  will  dig  into  the  nuances  and  complexities  of  corporate 
mobile-device  deployments.  Run  by  Michael  Finneran,  a  consultant 
who  wrote  “Voice  Over  Wireless  LANs -The 
Complete  Guide",  this  course  runs  participants 
through  a  detailed  checklist  of  deployment.  But 
it  also  highlights  security  concerns  that  might 
not  be  apparent  at  the  outset  such  as  mobile- 
specific  malware,  frequency  jamming  and  disso¬ 
ciation  attacks.  Finneran  will  recommend  secu¬ 
rity  measures  per  device  type  -  laptop,  cell 
phone,  PDAs  and  smartphones. 


MONDAY  MAY  18 


8:30  a.m.  -  4:30  p.m. 

Energy  camp 

A  range  of  experts  from  the  Environmental  Protection  Agency  to 
academia  to  industry  analysts  will  detail  how  businesses  can  save 
money  on  energy  costs  by  scrutinizing  their  network  architectures 
and  the  products  they  buy, 

This  session  will  start  with  a  discussion  between  presenters  and 
the  audience  to  determine  what  topics  most  interest  those  attend¬ 
ing.  The  rest  of  the  program  will  be  tailored  to  meeting  those  needs. 

Included  among  the  presenters  is  Tom  Raftney,  the  director  and  co¬ 
founder  of  the  Cork  Internet  exchange,  a  data  center  in  Ireland  that 
was  built  with  energy  efficiency  in  mind.  Professor  Saifur  Rahman  of 
Virginia  Tech  University  is  also  presenting  on  IEEE  power  and  energy 
standards  that  can  drive  cost  savings. 

8:30  a.m.  -  4:30  p.m. 

Virtualization  day 

Virtual  environments  have  their  own  management  and  security 
concerns  that  vary  depending  on  which  vendor's  virtualization  soft¬ 
ware  is  employed  and  whether  it  is  used  on  servers,  desktops  or 
both.  This  all-day  series  of  sessions  covers  them  all. 

Presenters  are  Anne  Skamarock  and  Barb  Goldworm,  both  of 
whom  are  consultants  with  Focus.  Also  presenting  is  Martin  Ruest, 
a  consultant  with  Resolution  Enterprises. 


Mike  Finneran 


TUESDAY  MAY  19 


8:30  a.m.  - 10  a.m. 

Keynote  addresses:  Marius  Haas, 
senior  vice  president  and  general  manager 
of  HP  ProCurve  Networking,  and  Stephen 
Herrod,  CTO  of  VMware. 

Haas  will  kick  off  Interop  by  calling  for 
businesses  to  tightly  link  their  choices  of  net¬ 
work  infrastructure  to  their  business  goals. 
He  will  argue  that  successful  businesses  will 
reap  maximum  value  from  their  IT  infrastruc¬ 
ture  and  seek  out  multiple  vendors  to  accom¬ 
plish  this.  The  talk  will  also  include  his  take  on 
disruptive  factors  affecting  IT  and  his  predic¬ 
tions  of  where  the  industry  as  a  whole  is 
headed  next. 


Stephen  Herrod 
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SHOW  PLANNER:  Interop  2009 


Herrod  will  stress  the  flexibility  and  the  more  efficient  use  of  IT 
resources  that  businesses  can  reap  from  cloud  computing  services. 
He  plans  to  introduce  the  concept  of  the  cloud  operating  system,  an 
open  approach  to  the  underpinnings  of  cloud  computing  that  requires 
cooperation  among  vendors  and  service  providers.  The  results  for 
businesses  will  be  lower  capital  costs  and  the  ability  to  focus  IT 
resources  directly  on  business  goals  and  applications  that  support 
them  rather  than  constantly  tending  to  infrastructure  problems. 

10:15  -11:15  a.m. 

Key  skill  sets  for  the  data  center 
manager  of  the  future 

Running  data  centers  efficiently  is  becoming  increasingly  critical. 
These  power  hogs  are  indispensable  to  businesses,  and  with  bud¬ 
gets  tighter  than  ever,  bean  counters  are  looking  for  savings.  This 
session  draws  on  the  experience  of  two  veteran  data-center  execu¬ 
tives  -  Paul  Clark,  the  data  center  manager  at  The  Ohio  State 
University  Medical  Center,  and  Tim  McLaine,  the  global  functional 
manager  of  data  center  services  for  Perot  Systems,  who  will  talk 
about  managing  less  experienced  staff  and  preparing  themselves 
for  future  demands.  Forrester  Research  analyst 
Doug  Washburn  moderates  the  discussion. 

11:30  a.m.  -12:30  p.m. 

Social  software  tools: 

A  critical  evaluation 

Based  on  research  from  CMS  Watch,  the  com¬ 
pany's  founderTony  Byrne  will  share  reported 
customer  experiences  with  collaboration 


Tony  Byrne 


suites,  blogs,  wikis  and  portals.  He  will  warn  that  products  in  these 
areas  differ  from  vendor  to  vendor  in  their  maturity  and  how  good 
their  support  is.  His  goal  is  to  better  prepare  corporate  networking 
executives  to  evaluate  the  range  of  product  types  and  also  specific 
products. 


1  -  2:30  p.m. 

Keynote  addresses:  Enterprise  Cloud  Summit 


Interop  organizers  have  scheduled  a  program  exclusively  about  cloud 
computing  that  includes  Cloud  Camp,  a  fast-paced  Q&A  formatted 
session  in  which  attendees  can  network  with  others  who  are  trying  to 
work  out  cloud  strategies.  This  keynote  address  is  made  up  of  three 
vendor  experts  who  will  present  their  spin  on  where  clouds  are  headed 
and  what  the  best  strategy  is  for  businesses  creating  their  own  clouds 
or  buying  cloud  services.  They  include  Russ  Daniels,  the  vice  president 
and  CTO  of  cloud  service  strategy  for  HP;  Vishal  Sikka,  CTO  of  SAP; 
and  Ric Telford,  vice  president  of  cloud  services  for  IBM. 


2:45  -  3:45  p.m. 

Virtualization  -  life  in  the  trenches 

It’s  one  thing  to  listen  to  vendors  talk  about  the  benefits  of  virtu¬ 
alization:  more  efficient  use  of  servers,  less  impact  on  perfor¬ 
mance  when  demand  surges,  better  control  over  application  ver¬ 
sioning  and  so  on.  It's  another  thing  -  and  perhaps  more  instructive 
-  to  hear  the  experiences  of  someone  who  has  actually  deployed 
virtual  infrastructure.  Christopher  Steffen,  principal  technical 
architect,  Kroll  Factual  Data,  which  provides  business  information 
to  lenders,  and  IT  consultant  David  Straede,  the  president  and 
COO  of  SBWH.com,  will  detail  what  worked  and  what  didn't  in 
their  own  real-world  experiences. 


2:45  -  3:45  p.m. 

A  “crash”  course  in  data  replication 

This  session  will  sort  out  the  overabundance  of  options  for  repli- 


Prepare  For  The  Unexpected 
With  Room  Alert 


& AVTECH 


View  Room  Alert  &  More  At  Interop  Las  Vegas  -  Booth  # 2334 


No  one  knows  when  or  how  disaster  will  strike.  We  just  know  the 
potential  is  always  there.  So  preparation  is  crucial  to  minimizing  its 
impact  on  computers,  networks,  users  &  business. 


Room  Alert  products  monitor  critical  environment  conditions 
like  temperature,  power,  humidity,  flood,  smoke,  room  entry,  air 
flow,  motion  &  more.  They  alert  staff  by  any  method  &  can  take 
automatic  corrective  action.  There  is  a  model  that  is  right  for  any 
organization  and  budget...  yours  toot 

Call  Or  Visit 
Us  Online  Today 


Solutions 

Start  At  S 275 


888.220.6700  •  401.847.6700 
AVTECH.com 


SENSAPHONF 

REMOTE  MONITORING  SOLUTIONS 

www.sensaphone.com 


Come  see  the  new  WEB600  at 

INTEROP 

LAS  VEGAS  |  MAY  17-21,  2009 


and  keep  your  business  running 


COST  EFFECTIVE  and  scaleable 
for  any  size  business 

Monitor: 

•  Temperature  •  Humidity  •  Power  Failure 
•  Water  on  the  Floor  •  Physical  Security 
•  Video  •  Smoke  &  Fire 


Notification: 

Phone  Call  •  Text  Message  •  E-Mail  •  Snmp  Trap 


mance  when  demand  surges,  better  control  over  application  ver¬ 
sioning  and  so  on.  It's  another  thing  -  and  perhaps  more  instruc¬ 
tive  -  to  hear  the  experiences  of  someone  who  has  actually 
deployed  virtual  infrastructure.  Christopher  Steffen,  principal 
technical  architect,  Kroll  Factual  Data,  which  provides  business 
information  to  lenders,  and  IT  consultant  David  Straede,  the  presi¬ 
dent  and  COO  of  SBWH.com,  will  detail  what  worked  and  what 
didn't  in  their  own  real-world  experiences. 


WEDNESDAY  MAY  20 


11:30  a.m. -12:30  p.m. 

nderstanding  and  implementing  the  Windows 
mobile  platform 


Windows  mobile  has  become  one  of  the  major  operating  systems 
that  businesses  contend  with  in  their  mobile  deployments.  This  ses¬ 
sion  delves  into  the  devices  the  software  runs  on,  how  to  secure  it 
to  enterprise  standards  and  the  management  features  it  brings  to  a 
corporate  network.  Presenter  Chris  DeHerrera  is  a  mobility  archi¬ 
tect  for  consultancy  Enterprise  Mobile  where  he's  written  a  formal 
comparison  of  features  and  device  management  for  the 
BlackBerry,  iPhone  and  Windows  Mobile,  so  he  can  put  Windows 
Mobile  into  perspective. 


2  p.m.  -  3  p.m. 

UC  applications  with  a  payoff  today 

Consultant  Don  Van  Doren,  a  principal  at  UniComm  Consulting, 
will  lead  off  with  what  he  sees  as  the  dollar  savings  and  revenue 
opportunities  of  deploying  unified  communications.  Karen  Bailey, 
voice  and  communications  services  executive  for  Wells  Fargo  Bank, 
will  outline  her  experiences  deploying  several  UC  projects.  The  two 
will  finish  off  discussing  UC  cost  benefits  and  fielding  audience 
questions. 


3:15-4:15  p.m. 

Retrofitting  today’s  data  center 
for  better  capacity  and  efficiency 

This  session  will  offer  penny-pinching  tips  on 
how  to  stretch  scarce  budget  dollars  and 
squeeze  more  life  out  of  current  data  center 
gear,  and  to  do  so  making  more  efficient  use 
of  power.  Jack  Pouchet,  director  of  energy  ini¬ 
tiatives  for  Emerson  Network  Power,  will 
share  some  of  his  firm’s  knowledge  about  data 
center  streamlining,  One  principle  the  firm  builds  on:  one  watt 
saved  at  the  processor  level  can  save  an  average  total  of  2.84 
watts  in  energy  consumption. 


Jack  Pouchet 


THURSDAY  MAY  21 


11:30  a.m. -12:30  p.m. 

Is  there  a  compelling  business  case 
for  desktop  virtualization? 

Desktop  virtualization  can  create  the  opportunity  to  lower  opera¬ 
tional  costs  and  reduce  the  total  cost  of  ownership  for  desktops, 
according  to  presenters  at  this  session.  Barb  Goldworm,  an  analyst 
and  president  of  Focus,  will  give  her  spin  on 
this  issue  and  Tim  FitzGerald  of  Avnet,  an  IT 
distributor  and  consultancy,  will  talk  about 
where  businesses  can  wring  out  savings  using 
virtual  desktops.  These  tips  will  help  attendees 
decide  if  desktop  virtualization  is  right  for 
them  and  if  so  how  to  work  up  a  compelling 
funding  proposal. 


YOUR  NETWORK.  OUR  CONNECTION, 


802.3ah/802.1ag/Y,1731  remotely  managed  Network  interface  Device  are 
available  with  Fast  Ethernet  and  Gigabit  Ethernet  options  and  also  come  with 
the  following  features: 

•  Complete  Ethernet  0AM  Support:  802.  lag  (CFM),  Y.1731  (CFM  &  PM), 

802. 3ah  (EFM) 

•  Packet  Performance  Validation:  Monitor  delivery  of  real-time  applications,- 

SLAs  -  Monitor  key  performance  metrics  &  health  parameters  a 

•  In-Service  Throughput  Testing:  Validate  SLA  performance  in  live  traffic  M 
with  no  disruption  to  customer  traffic 

•  Intelligent  Loopback  Testing:  Layer  1 -2-3-4  loopbacks 
(MAC/IP  address,  TCP/UDP  port  swap),  Per-Flow  loopback 

•  RFC-2544:  Fully  automated  RFC-2544  test  suit 

•  Advanced  Service  Creation:  Bandwidth  policies,  traffic  filtering, 

traffic  shaping,  jumbo  frame  support,  VLAN  (including  Q-in-Q),  ^ 

•  Standards  Compliant:  MEF  certified,  IEEE  standards  &  NEBS 
More  details  coming  soon... 
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BY  SANDRA  GITTLEN 


When  the  director  of  IT  at  a 
Boston-based,  midsize  phar¬ 
maceutical  firm  was  first 
approached  to  participate  in 
a  data-leakage  audit,  he  was 
thrilled.  He  figured  the  audit 
would  uncover  a  few  weak 
spots  in  the  company’s  data- 
leak  defenses  and  he  would 
then  be  able  to  leverage  the 
audit  results  into  funding  for 
additional  security  resources. 


“Data  leakage  is  an  area  that  doesn’t  get  a  lot 
of  focus  until  something  bad  happens.  Your 
biggest  hope  is  that  when  you  raise  concerns 
about  data  vulnerability,  someone  will  see  the 
value  in  allowing  you  to  move  forward  to  pro¬ 
tect  it,”  the  IT  director  says. 

But  he  got  way  more  than  he  bargained  for. 

The  15-day  audit  identified  11,000  potential 
leaks,  and  revealed  gaping  holes  in  the  IT 
team’s  security  practices. 

The  audit,  conducted  by  Networks  Unlimited  in  Hudson, 
Mass.,  examined  outbound  e-mail,  FTP  and  Web  communica¬ 
tions.  The  targets  were  leaks  of  general  financial  information, 
corporate  plans  and  strategies,  employee  and  other  personal 
identifiable  information,  intellectual  property  and  proprietary 
processes. 

Networks  Unlimited  placed  one  tap  between  the  corporate 
LAN  and  the  firewall  and  a  second  tap  between  the  external 
e-mail  gateway  and  the  firewall.  Networks  Unlimited  used 
WebSense  software  on  two  servers  to  monitor  unencrypted 
traffic.  Then  it  analyzed  the  traffic  with  respect  to  company 
policy,  (see  diagram,  page  31)  Specifically,  Networks  Unlimited 
looked  for  violations  of  the  pharmaceutical  firm’s  internal 


1000 

0011100100)11011001111001 

1000010101311000101010111 


1001 


confidentiality  policy  corporate 
information  security  policy, 
Massachusetts  Privacy  Laws 
(which  go  into  effect  in  2010), 
the  Health  Insurance  Portability 
and  Accountability  Act  (HIPAA), 
and  Security  and  Exchange 
Commission  and  the  Sarbanes- 


EDITOR’S  NOTE 

Security  consultancy  Networks 
Unlimited  allowed  reporter 
Sandra  Gittlen  to  tag  along  as  it 
conducted  a  data  leak  audit  at  a 
Boston- based  pharmaceutical 
firm,  then  presented  its  findings 
to  company  execs.  In  exchange 
for  this  type  of  access,  we  agreed 
not  to  identify  the  pharma  firm. 


Oxley  Act  regulations. 

Auditor  Jason  Spinosa,  senior  engineer  at  Networks  Unlimited,  says  that 
while  he  selected  the  criteria  for  this  audit,  he  usually  recommends  that 
companies  take  time  to  determine  their  policy  settings  based  on  their  risk 
profile.  See  Data  leak,  page  32 
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continued  from  page  30 

That  said,  Spinosa  was  shocked  at  what  he 
found  —  more  than  700  leaks  of  critical 
information,  such  as  Social  Security  num¬ 
bers,  pricing,  financial  information  and 
other  sensitive  data  in  violation  of  the 
Payment  Card  Industry’s  standards.  He  also 
found  serious  lapses  —  more  than  4,000  — 
that  ran  counter  to  HIPAA  and  Defense 
Department  Information  Assurance 
Certification  rules. 

And  although  the  firm  technically  does 
not  fall  under  HIPAA  because  a  third  party 
handles  all  patient  information,  the  IT  direc¬ 
tor  says  the  company  hopes  to  eventually 
bring  some  of  that  functionality  in-house 
and  should  be  prepared.  In  addition, 
Spinosa  says  companies  that  don’t  fall 
under  HIPAA  should  audit  based  on  HIPAA 
guidelines  because  of  the  potential  leakage 
of  sensitive  employee  data. 

Incredibly,  the  audit  uncovered  more  than 
1,000  cases  of  unencrypted  password  dis¬ 
semination, such  as  to  access  personal, Web- 
based  e-mail  accounts. 

Spinosa  calls  this  troublesome  because 
oftentimes  employees  use  the  same  pass¬ 
word  for  multiple  systems.  “This  can  leave 
your  internal  applications  very  vulnerable,” 


he  says. 

Here  are  some  of  the  worst  leaks  uncov¬ 
ered  in  the  audit: 

Leak  No.  1:  Confidential  zip  file 
An  employee  sent  an  unencrypted  e-mail 
with  a  .zip  attachment  that  contained  docu¬ 
ments  clearly  marked  “confidential.”  This 
despite  the  fact  that  the  recipient  of  the  e-mail 
had  signed  a  confidential  disclosure  agree¬ 
ment,  a  red  flag  which  meant  that  all  corre¬ 
spondence  should  have  been  encrypted. 

WORST  CASE  SCENARIO:  The  e-mail  could  have 
been  intercepted  and  viewed  by  a  third  party. 
This  also  constitutes  a  potential  HIPAA  viola¬ 
tion  because  of  the  delicate  nature  of  the 
attachment's  contents. 

Leak  No.  2:  Confidential  attachment 
An  employee  sent  an  e-mail  to  an  outside 
vendor  with  an  attachment  marked  “confi¬ 
dential”  that  discusses  the  rights  and  com¬ 
pensation  of  a  patient  participating  in  a  clin¬ 
ical  trial. 

WORST  CASE  SCENARIO:  The  e-mail  exposes 
details  about  an  unfinished  confidential  doc¬ 
ument  and  the  information  could  prove 
embarrassing  for  the  company. 

Leak  No.  3:  Clinical  study 
An  employee  attached  an  almost  finished 
clinical  study  report  to  an  unencrypted  mes¬ 


Anatomy  of  an  audit 

DATA  IN  MOTION 

1.  Monitoring  criteria  is  defined  on  a  data-leak  prevention  (DIP)  management  server. 

2.  Criteria  is  pushed  to  DLP  monitor. 

3.  Taps  into  LAN  and  DMZ  between  subnets  and  firewall  are  connected  to  monitor. 

4.  Monitor  logs  traffic  that  meets  defined  criteria  and  sends  records  back  to  manager  server  for  user  review. 

DATA  DISCOVERY 

5.  Hosts  to  be  scanned  are  defined  on  DLP  management  server. 

6.  Criteria  is  sent  to  DLP  monitor. 

7.  Monitor  scans  shares  on  internal  machines  for  defined  criteria. 


sage  sent  to  an  outside  vendor. 

WORST  CASE  SCENARIO:  THIS  could  have 
exposed  results  of  the  clinical  study  earlier 
than  the  company  intended. 

Leak  No.  4:  Sensitive  spreadsheet 
An  employee  sent  sensitive  employee  com¬ 
pensation  data  to  an  outside  survey  compa¬ 
ny.  The  attached  spreadsheet  included  salary, 
bonuses,  sales  quota,  stock  options,  granted 
share  price  and  other  information. 

WORST  CASE  SCENARIO:  In  direct  violation  of 
Massachusetts  Privacy  Laws  and  an  exposure 
of  this  information  could  lead  to  competitive 
and  public  relations  nightmares. 

So,  it  was  quite  an  uncomfortable  scene  as 
the  IT  manager,  his  CIO  and  risk  manager,  as 
well  as  other  members  of  the  IT  team,  lis¬ 
tened  intently  as  the  Networks  Unlimited  pre- 

See  Data  leak,  page  34 


With  more  than  two  decades 
of  security  audits  under  his 
belt,  Networks  Unlimited 
President  Harry  Segal  has 

seen  it  all.  Here  are  the  most 


USERS  SENDING  CONFIDENTIAL 
files  to  their  personal  e-mail  address¬ 
es.  Oftentimes,  employees  will  for¬ 
ward  sensitive  documents  to  their 
Hotmail  or  Gmail  accounts  so  they 
can  work  on  the  files  from  home. 
However,  more  often  than  not,  they 
use  unsecured  methods  rather  the 
company's  VPN. 

2.  COMPANIES  ALLOW  USERS  to 
decide  whether  to  encrypt  attach¬ 
ments.  Rather  than  employing  auto¬ 
mated  tools  that  apply  policies  to 
secure  attachments,  companies  rely 
on  their  employees. This  results  in 
employees  avoiding  the  extra  steps  to 
secure  it  or  not  realizing  that  the  doc¬ 
ument  is  indeed  confidential. 

3.  ORGANIZATIONS  DO  BUSINESS 
with  providers  that  allow  for  data 
leakage.Too  often,  companies 
exchange  sensitive  information  with 
business  partners  that  don't  take  the 
extra  steps  to  secure  data.  For 
instance,  your  human  resources  team 
might  use  a  background  checking  ser¬ 
vice  that  requests  sensitive  informa¬ 
tion  about  prospective  employees 
such  as  their  Social  Security  number 
and  address  without  insisting  it  be 
encrypted. 
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“Right  now;  the  way  they  are  handling  confidential 
information  is  putting  them  at  risk  to  incur  legal, 
regulatory  and  business  partner  repercussions.” 

Jason  Spinosa,  Networks  Unlimited 


Data  leak 

continued  from  page  32 

sented  its  findings. 

“The  biggest  thing  for  us  is  safeguarding  our 
intellectual  property,  including  patents. 
Breaches  in  this  industry  can  result  in  not  just 
serious  fines,  but  also  bad  public  relations  so 
we  have  to  protect  ourselves,”  the  IT  director 
says. 

While  the  CIO  found  these  examples  unset¬ 
tling,  he  says  the  fact  that  they  all  happened 
within  a  six-hour  span  was  inexcusable.  “We 
thought  we  were  in  good  shape.  We  had  done 
internal  and  external  audits  in  preparation 
for  the  Massachusetts  Privacy  Laws,  we  did 
extensive  penetration  testing,  we  have  securi¬ 
ty  tools  such  as  intrusion  detection  and  pre¬ 
vention  and  laptop  encryption  in  place,  and 
we  do  employee  training.  This  just  goes  to 
show  you  can  do  all  that  and  it's  just  not 
enough,”  he  says. 

How  to  respond 

Spinosa  recommends  that  the  pharmaceu¬ 
tical  team  take  a  two-pronged  approach  and 
revisit  their  business  processes  and  technolo¬ 
gy  fortification.  “Right  now,  the  way  they  are 
handling  confidential  information  is  putting 
them  at  risk  to  incur  legal,  regulatory  and 
business  partner  repercussions,”  he  says. 

But  he  adds  that  all  of  the  events  he  found 
are  easily  preventable.  He  advises  companies 


not  to  rely  on  users  or  business  partners  to  do 
the  right  thing.  Instead,  encryption  should  be 
automated.  For  instance,  the  company  should 
extend  its  use  of  transport  layer  security, 
which  is  already  used  to  secure  its  communi¬ 
cations  with  the  FDA,  to  transmit  sensitive 
documents  to  other  business  partners. 

In  addition,  the  company  should  deploy  a 
secure  e-mail  product  that  automatically 
detects  and  encrypts  messages  containing 
confidential  information,  such  as  patents  and 
clinical  trial  results.  Spinosa  says  these  prod¬ 
ucts  also  alert  senders,  including  business 
partners,  who  try  to  send  confidential  infor¬ 
mation  unencrypted. 

Most  importantly  organizations  should  per¬ 
form  regular  audits  on  their  networks  to 
ensure  that  policies  are  being  enforced. 

Hand-in-hand  with  automation, Spinosa  rec¬ 
ommends  user  and  business  partner  educa¬ 
tion.  Companies  should  train  users  in  fre¬ 
quent  intervals  about  the  impact  of  sensitive 
data  leaks. 

They  should  also  explain  what  types  of 
information  is  considered  confidential.  The 


emergence  of  new  regulations  such  as  the 
upcoming  Massachusetts  Privacy  Laws  pro¬ 
vides  an  opportunity  to  educate  users  about 
all  relevant  regulations. 

Finally,  companies  should  only  do  business 
with  other  companies  that  understand  how 
to  exchange  information  securely. 

The  pharmaceutical  company’s  CIO  agrees 
that  he  needs  to  enact  all  of  these  suggestions 
and  even  says  he  has  most  of  the  encryption 
technology  in  place  and  ready  to  go.  But  with¬ 
out  buy-in  from  senior  executives,  such  as  the 
COO,  CFO  and  chief  medical  officer,  he  says 
none  of  it  will  work. 

Therefore,  his  first  task  is  to  do  a  deeper 
audit  with  more  fine-grained  search  terms  to 
eliminate  potential  false  positives  and  pre¬ 
sent  those  findings  to  the  executive  team.“If  I 
can  educate  the  executive  team  and  show 
them  the  risk,  that  will  make  my  job  much 
easier”  he  says. 

Gittlen  is  a  freelance  technology  editor  in  the 
Boston  area.  She  can  be  reached  at  sgit- 
tlen@charter.net. 
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Switches 

continued  from  page  1 

compared  with  Cisco’s  Nexus  5000  and  4900M 
switches,  Extreme’s  X650  and  Force  10’s  S2410. 
These  figures  include  the  cost  of  powering  and 
cooling  the  switch,  according  to  Brocade. 

Brocade  also  is  introducing  a  stackable 
switch  for  campus  networks  that  the  company 
says  supports  the  highest  Power  over  Ethernet 
(FbE)  Plus  stackable  port  density  PoE  Plus  is  an 
extension  of  the  FbE  standard  for  video  sup¬ 
port,  among  other  features. 

The  Fastlron  CX  is  available  in  24-  or  48-port 
PoE  or  non-PoE  models  in  a  1RU  form  factor.  It 
can  support  as  many  as  26  PoE  Plus  ports  with 
redundant  power,  includes  four  lOO/lOOOMbps 
fiber  uplinks,  and  an  optional  two  port  10G 
Ethernet  module. 

Lastly,  Brocade  is  unveiling  an  application 
switch  for  service  providers  designed  to  scale 
performance  and  density  as  data  centers  and 
content  demands  grow.  The  Serverlron  ADX 
supports  70Gbps  of  Layer  4-7  throughput  and 
16  million  Layer  4  transactions  per  second  in  a 
320Gbps  switch  fabric.  It  is  available  in  fixed 
and  chassis  configurations  with  inter¬ 
changeable  modules,  Brocade  says. 

The  Turboiron  24X  costs  $12, OOO.The  Fastlron 
CX  costs  $5,500  and  the  Serverlron  ADX  costs 
$22,000.A11  are  scheduled  to  be  available  in  the 
third  quarter. 

Instead  of  new  switches,  Brocade  competitor 
Extreme  is  set  to  unveil  new  modules  for  its 
existing  BlackDiamond  8800  chassis  that  effec¬ 
tively  make  it  into  a  new  switch  —  which  Ex¬ 
treme  calls  the  BlackDiamond  8900. The  mod¬ 
ules  include  a  switch  fabric  card  that  provides 
up  to  128Gbps  per  slot  on  the  8900,  Extreme 
says.  They  also  include  a  24-port  10G  Ethernet 
module  and  a  96-port  Gigabit  Ethernet  card. 

The  boards  are  designed  to  scale  the  8900  to 
582  10G  Ethernet  ports  per  rack  while  using  the 
same  chassis  customers  already  have  to  lower 
upgrade  costs.  Extreme  says  it  is  now  the 
leader  in  per-slot  switching  capacity  and  10G 
port  density  per  rack  with  the  8900  blades. 

Extreme  also  says  the  modules  use  a  maxi¬ 
mum  of  2  watts  per  Gigabit  Ethernet  and  10 
watts  per  10G  Ethernet  port. 

“When  Cisco  came  out  with  the  Nexus  7000, 
a  lot  of  customers  are  on  the  [Cisco]  Catalyst 
6500.  Now  they’re  going  to  have  to  replace  a 
working  piece  of  equipment  with  this  new 
[switch] ,”  says  analyst  Bill  Terrill  of  Current 
Analysis.  “What  Extreme  has  done  is  gone 
ahead  and  said  we  are  compatible  with  the 
chassis, you  can  keep  using  existing  blades,  and 
if  you  need  higher  performance  . . .  they  have 
an  ongoing  extension.” 

The  8900  switch  fabric  card  and  96-port  Giga¬ 
bit  Ethernet  module  cost  $25,000  apiece.  The 
24-port  10G  Ethernet  module  costs  $45,000. 
They  will  all  be  available  later  this  quarter. 

Lower  TCO  is  also  3Com’s  rallying  cry  for  re¬ 
entering  the  U.S.  large  enterprise/data  center 
switching  market  after  exiting  it  —  twice.  In 
2000, 3Com  alienated  its  largest  enterprise  cus- 


Brocade's  lOGbps  top  of  rack  switch 
supports  up  to  488Gbps  line  rate,  non- 
blocking  performance  with  24 10 
Gigabit  Ethernet  SFP+  ports. 


tomers  by  abruptly  killing  its  CoreBuilder 
switch  and  encouraging  customers  to  migrate 
to  Extreme.  3Com  then  attempted  a  reentry 
into  the  large  enterprise  switching  arena 
through  a  joint  venture  with  China’s  Huawei  in 
2003.That  venture  was  successful  in  China  but 
barely  made  a  dent  in  the  United  States. 

A  few  years  later,  3Com  bought  out  Huawei’s 
stake  in  the  joint  venture  and  in  2008,  after  a 
failed  attempt  to  be  acquired  by  Bain  Capital 
and  Huawei,  3Com  established  its  leadership 
and  operational  focus  on  China  when  it 
named  Robert  Mao  as  CEO,  replacing  Edgar 
Masri. 

3Com  is  attempting  to  reestablish  itself  in 
United  States  and  other  international  data  cen¬ 
ters  and  large  enterprises  after  a  successful  run 
in  China,  where  it  claims  market  share  leader¬ 
ship  in  enterprise  switches  and  routers.  3Com 
says  the  time  is  ripe  for  tapping  the  U.S.  market 
because  the  recession  is  sowing  the  seeds  of 
disruptive  change  and  prompting  users  to  con¬ 
sider  alternatives  to  their  incumbent  vendors, 
says  President  and  COO  Ron  Sege. 

But  3Com’s  banking  on  past  practices  to  re 
engage  itself  with  large  enterprises  globally: 
undercutting  the  competition  on  price  and 
TCO.  Even  though  3Com  did  not  announce 
pricing  on  its  SI 2500  data  center  switch,  the 
company  is  claiming  price/performance  ad¬ 
vantages  over  Cisco’s  Nexus  7000  —  twofold  in 
performance  and  density  —  and  half  the 
power  consumption. 

The  SI 2500  can  support  as  many  as  512  10G 
Ethernet  ports  and  864  Gigabit  Ethernet  ports 
in  a  full  rack  configuration,  3Com  says.  It  fea¬ 
tures  2.2  billion  pps  forwarding  and  6.6Tbps 
switching  capacity  in  an  architecture  designed 


for  future  40/100G  Ethernet,  Fibre  Channel 
over  Ethernet  and  data  center-optimized 
Ethernet  applications. 

3Com  also  is  rolling  out  a  fixed  configuration 
switch  that  can  be  virtually  stacked  to  achieve 
performance  comparable  with  a  modular 
switch.  The  S5800G/XG  switch  is  designed  for 
top-of-rack  data  center,  midsized  enterprise 
core  and  high-density  access  applications.  It 
supports  24  10G  Ethernet  ports  or  as  many  as 
192  in  a  virtual  stack;  and  80  Gigabit  Ethernet 
ports  or  640  per  stack. 

The  S5800  is  also  field  upgradeable  to  FbE 
and  PoE  Plus,  3Com  says.  The  company  will 
also  roll  out  a  management  application,  called 
the  H3C  Intelligent  Management  Center  (IMC), 
for  centralized  FCAPS  management  of  its 
switches  and  routers,  and  third-party  devices. 

But  will  any  of  this  make  a  difference  to  non- 
Chinese  large  enterprise  users  that  3Com  twice 
backed  away  from? 

“Their  credibility  is  challenged,”  says  analyst 
Zeus  Kerravala  of  the  Yankee  Group.  “1  think 
though  that  the  current  economy  cuts  them  a 
break.  The  Cisco  premium  is  becoming  quite 
[burdensome] .  The  SI 2500  is  a  good  switch 
and  product  quality  has  never  been  a  problem 
for  3Com.  But  can  they  secure  a  large  systems 
integrator  partner  and  how  long  will  it  take 
them  to  get  some  really  good  lighthouse  wins” 
outside  of  China? 

The  SI 2500  and  S5800  switches  are  slated  to 
ship  in  July  The  S5800  is  priced  from  $6,500  to 
$18,000.  The  IMC  software  is  expected  to  be 
available  in  June;  pricing  was  not  disclosed. 

Market  mainstay  ForcelO  will  emphasize 
density  with  a  90-port  lO/lOO/lOOOBase-T  line 
card  for  its  recently  introduced  ExaScale  E- 
Series  600  and  1200  switches.  The  line  card 
delivers  total  non-blocking  throughput  of  more 
than  1  billion  packets  per  second  and  reduces 
power  consumption  by  as  much  as  70%  per 
port  over  competitive  offerings,  Force  10  says. 

The  card  allows  the  ExaScale  switch  to  sup¬ 
port  up  to  1,260  lO/lOO/lOOOBase-T  ports  in  a 
single  chassis,  or  630  in  a  half-rack  configura¬ 
tion.  Pricing  starts  at  $60,000  and  it  will  be  avail¬ 
able  in  June.B 
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Cyberbullying?  No,  it’s  just  bullying 


■  really,  really  want  to  believe  that  our  repre¬ 
sentatives  in  the  government  are  smart  and 
always  try  to  make  good  decisions  and 
behave  rationally  but  time  and  again  I’m  disap¬ 
pointed.  And  when  it  comes  to  the  pols  dealing 
with  technology  and  the  Internet,  it  seems  like 
clear  thinking  will  be  part  of  their  agendas 
about  the  time  that  Hell  freezes  over. 

For  example:  Rep.  Linda  T. Sanchez  (D-Calif.), 
along  with  14  more  of  Washington’s  finest,  are  sponsoring  a  bill  called 
The  Megan  Meier  Cyberbullying  Prevention  Act.This  bill,  which  seeks 
to  criminalize  electronic  bullying,  was  first  proposed  a  year  ago  and 
many  of  us  hoped  it  would  wither  and  die.  No  such  luck. 

UCLA  School  of  Law  professor  Eugene  Volokh  sums  it  up  this  way  in 
his  blog: “Whoever  transmits  in  interstate  or  foreign  commerce  any 
communication,  with  the  intent  to  coerce,  intimidate,  harass  or  cause 
substantial  emotional  distress  to  a  person,  using  electronic  means  to 
support  severe,  repeated  and  hostile  behavior,  shall  be  fined  under  this 
title  or  imprisoned  not  more  than  two  years,  or  both.” 

In  this  bill  the  term  “communication”  is  defined  as  “the  electronic 
transmission,  between  or  among  points  specified  by  the  user,  of  infor¬ 
mation  of  the  user’s  choosing,  without  change  in  the  form  or  content  of 
the  information  as  sent  and  received”.  And  “electronic  means”  is  articu¬ 
lated  as  “any  equipment  dependent  on  electrical  power  to  access  an 
information  service,  including  e-mail,  instant  messaging,  blogs, Web 
sites,  telephones  and  text  messages.”That’s  rather  all  encompassing. 

This  bill  was  proposed  because  of  the  sad  case  of  Megan  Meier,  a 
Missouri  teenager,  who,  in  2006,  committed  suicide  at  the  age  of  13 
because  of  “cyberbullying”. The  bully  was  the  mother  of  Meier’s  former 
friend  and  the  vehicle  used  for  the  bullying  was  MySpace. 


When  this  case  emerged  the  media  hype  machine  swung  into  gear 
and  the  “cyber”  side  of  the  issue  was  inflated  out  of  all  proportion  to 
reality  And,  of  course,  almost  immediately  all  politicos  worth  their  salt 
were  lining  up  to  demand  greater  controls  on  social  media. 

I  am  constantly  amazed  at  how  people  —  otherwise  sensible,  articu¬ 
late  people  —  will  preface  everything  with  “cyber”  as  if  it  confers  more 
depth  and  profundity  than  the  unadorned  word  or  phrase. 

Take  “cyberbullying”.  How  is  that  factually  different  from  everyday 
bullying?  If  you  think  that  this  turn  of  phrase  is  somehow  justified  then 
why  don’t  we  start  slicing  and  dicing  the  contexts  even  more  assidu¬ 
ously?  We’d  have  telephone-bullying,  cell  phone-bullying, shouting-at- 
someone-on-the-street-bullying,  and  staring-in-a-mean-way-bullying.  It’s 
the  act  and  its  consequences  that  matter,  not  the  medium. 

I’m  all  for  laws  that  will  make  our  culture  safer,  particularly  where 
children  are  concerned,  but  here  we  have  an  attempt  to  frame  a  con¬ 
text  for  dealing  with  “cyberbullying”  that  has  insane  ramifications,  mak¬ 
ing  it  a  classic  demonstration  of  the  law  of  unintended  consequences. 

As  Volokh  points  out,  the  bill  is“breathtakingly  broad  ...  [and]  would 
criminalize  a  wide  range  of  speech  protected  by  the  First  Amendment 
...if  passed  into  law  (and,  if  it  survives  constitutional  challenge)  it 
looks  almost  certain  to  be  misused.”To  put  that  another  way  by  spon¬ 
soring  this  bill  Sanchez  and  friends  have  demonstrated  a  willful  indif¬ 
ference  to  Constitutional  law  and  common  sense. 

It’s  time  that  the  whole  “cyber”  nonsense  was  retired  and  lawmakers 
stopped  treating  events  that  aren’t  unique  to  the  ‘Net  as  special  cases 
to  gain  political  leverage. 

I  know  —  it  is  ridiculously  optimistic  to  even  think  this  could  happen 
...  at  least  until  Cyber-Hell  freezes  over. 

Admit  you  use  “cyber" at  backspin@gibbs.com. 
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Mark  Gibbs 


Meet  Francis,  a  failed  phisher 
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The  subject  line  alone  was  enough  to 
unmask  this  criminal  mastermind: “This 
message  it  is  confidential.” 

This  message  it  is  really  not  from  the  IRS. 
We’ve  all  seen  cruder  and  more  laughable 
specimens,  but  this  one  caught  my  eye 
because  it  showed  up  minutes  after  a  call  from 
my  wife  informing  me  that  our  refund  check 
had  arrived. That  the  real  tax  man  would  be 
sending  a  confirmation  e-mail  was  conceivable 
for  the  split  second  it  took  me  to  hop  from  the  phony  sender  address 
—  about@irs.taxrefund.gov  —  to  the  stilted  “This  message  it  is  . . .” 
Inside,  however,  we  find  only  the  inconceivable. 

“This  is  Francis  V  from  the  Refund  Operations  Department  at  Internal 
Revenue  Service  (United  States  Department  of  the  Treasury).  After  the 
last  annual  calculation  of  your  fiscal  activity  we  have  determined  that 
you  are  eligible  to  receive  a  tax  refund  of  $184.23.” 

Bu  ...  bu  . . .  but,  Fran,  my  man,  our  accountant  —  a  fella  we’ve  trusted 
for  years  —  had  calculated  our  refund  at  an  amount  with  another  digit 
attached.  How  could  he  have  gone  so  far  wrong?  And,  as  noted,  we’ve 
already  gotten  the  check  from  Uncle  Sam. 

No  matter,  Francis  V.is  on  a  roll. 

“Please  submit  the  tax  refund  request  and  allow  us  3-9  days  in  order 
to  process  it.  A  refund  can  be  delayed  for  a  variety  of  reason.  For  exam¬ 
ple  (invalid  records  or  applying  after  the  deadline). The  good  news  is 
that  Internal  Revenue  Service  will  make  this  refund  directly  to  your 
visa  and/or  mastercard  linked  to  your  checking/savings  account 
instead  a  check  or  a  direct  deposit.” 

Francis  V  is  from  the  government  and  he’s  here  to  help.  All  you  have 
to  do  is  cooperate  by  following  a  few  simple  steps. 

“To  access  the  form  for  your  tax  refund,  please  download  our  secure 


server  form  at  the  attachment  file  below  this  letter’’ 

Even  in  the  interest  of  writing  this  column,  I  dared  not  go  near  that 
attachment. 

“Important:  Do  not  use  credit  and/or  american  express  or  discover 
cards.  Only  cards  that  are  linked  to  your  checking/savings  account  are 
accepted.” 

Experts  insist  that  people  fall  for  this  stuff  and  I’m  sure  that’s  true  in 
general.  Francis  V,  however,  needs  to  polish  his  skills  or  find  another 
line  of  crime  ...  and, according  to  his  online  trail, he’s  been  at  this  one 
since  at  least  2007. 

Yet  he  is  nothing  if  not  polite: “Regards,  Francis  V,  Internal  Revenue 
Service  -  Tax  Refund  Specialist 

“NOTE:  After  all  steps  are  complete,  please  delete  the  form  &  letter 
from  your  computer  &  email.” 

You  can  never  be  too  careful,  after  all,  or  in  the  final  words  from 
Francis  V: “This  details  are  very  confidential!” 

What  does  security  software  have  to  do  with  swine  flu? 

Absolutely  nothing. Yet  that  lack  of  any  connection  did  not  deter 
Cyber-Ark  Software  from  sending  a  press  release  with  this  headline: 
“Cyber-Ark’s  security  helps  keep  Swine  Flu  under  control.” 

Uh,  how’s  that?  Well,  it  seems  that  medical  professionals  would  be 
incapable  of  communicating  with  one  another  and  transferring  sensi¬ 
tive  patient  data  electronically  without  the  sense  of  security  offered  by 
this  vendor’s  products. 

And  we  would  all  have  swine  flu  by  now. 

Of  course,  vendors  are  always  trying  to  attach  their  wares  to  the  news 
of  the  day;  we’re  used  to  that  sort  of  thing  around  here. 

But  usually  there’s  at  least  a  germ  of  a  connection. 

Need  to  connect  with  me?  The  address  is  buzz@nww.com. 
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ALTERNATIVE  THINKING  ABOUT  SERVER  ECONOMICS: 
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Now  more  than  ever,  you  need  your  money  to  work  harder.  With  the  new  generation 
of  HP  ProLiant  G6  Servers  with  Intel®  Xeon®  processor  5500  series  you  dramatically 
improve  energy  efficiency,  flexibility  and  performance.  And  more  reliability  in  each 
system  means  you  can  reduce  business  risk  as  you  increase  your  productivity. 

Decrease  your  IT  support  costs  to  an  absolute  minimum.  HP  Insight  Control  Suite  (ICE) 
will  help  you  to  reduce  operational  expenses  by  up  to  $48,380  per  100  users 

For  total  peace  of  mind,  HP  Care  Pack  Services  deliver  industry  leading  automated 
24X7  system  monitoring,  diagnosis  and  fault  notification  to  protect  your  investmen 
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$3,499  (Save  $2,319) 

Lease  for  just  $85/mo.“ 

BJEEluvS  [PN:481657-001] 


Special  0%  financing  for  up  to  36  months  also  available.* 
To  learn  more,  call  l-866-625-0812orvisithp.com/go/G6superstar9 
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SmartBuy  price  of  $3,499,  BL  Server:  $3,383-5350  instant  savings = SmartBuy  price  ot  $3,033;  DL  Server:  $3,731-5762  instant  savings  =  SinartBuy  price  of  $2,969.  financing  available  through  Hewlett-Packard  Financial  Services  Company  and  its  subsidiaries  (HPFSC)  to  qualified 
commercial  customers  in  the  U.S.  ond  is  subjectto  credit  approval  and  execution  of  standard  HPFSC  documentation.  Prices  shown  me  based  on  a  lease  4  8  months  in  term  with  a  fait  market  value  purchase  option  ot  the  end  of  the  term  and  ate  valid  through  July  3 1 , 2009.  Other  rates  upply 


for  other  terms  and  transaction  sizes.  Financing  is  available  on  transactions  greater  than  $349.  Other  charges  and  restrictions  may  apply.  HPFSC  reserves  the  right  to  change  or  cancel  this  program  at  any  time  wilhoot  notice.  *  Financing  available  throuahHewlett  Packard  Financial  Sei  vices 
.  ilitied  commercial  customers  in  the  US  and  Canada  ond  is  subject  to  credit  appiovol  and  execution  of  standaid  HPFSC  documentation.  Of  let  valid  through  July  31 , 2009  on  transactions  in  the  United  States  between  $1, 500  ond  $1 50,000  USD 


Compony  and  its  subsidiaries  (HPFSC)  to  qualil  -  .  . . 

ond  in  Canada  between  55,000  CAD  ond  $1 50,000  CAO.  Zero  percent  financing  assumes  transaction  is  documented  as  a  lease  with  a  S 1  end-of-teim  putebnse  option  (or  local  countiy  equivalent)"  assuming  lessee  is  not  required  to  pay  any  nominal  end-of-tetm  purchase  ptice  at  the  end 
of  the  lease  term  ond  disregarding  any  changes  poyobie  by  lessee  other  than  teat  payments  such  os  maintenance,  taxes,  fees  and  shipping.  This  of  let  cannot  be  combined  with  any  other  rebate,  discount  ot  promotion  without  prior  approval  by  HP  and  HPFSC.  Rates  ate  based  on  customer's 

"HP  products  me  eligible  fot  the  0%  lease  rate.  Not  all  customers  may  qualify  lot  these  rates.  Other  restrictions  may  apply.  HPFSC  reserves  the  tight  to  change  ot  cancel  this  program  ot  any  time  without  notice. 


aedit  rating,  financing  terms,  offering  types,  equipment  type  ond  options.  Not  all  HP  pioducts  me  eligible  foi  the  0%  lease  rate.  Not  all  customers  moy  qualify  tot  these  rates.  ( 
Intel,  the  Intel  logo,  Xeon  and  Xeon  Inside  me  trodemmks  of  Intel  Corporation  in  the  U.S.  ond  other  countries. 
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THE  BARRIERS  TO  VIRTUALIZATION  FALL  AWAY. 


THE  VIRTUAL.  THE  PHYSICAL 


HOW  FAR  WILL  YOU  TAKE  VIRTUAL? 


With  Microsoft  Virtualization  you  can  manage  both  physical  and  virtual  Hyper-V” 
servers  and  desktops  using  the  same  management  platform,  Microsoft  System  Center. 

And  if  you  have  VMware  ESX,  System  Center  can  manage  it,  too.  From  the  datacenter 
to  the  desktop,  you  manage  virtualization  more  powerfully  and  easily  than 
ever  before.  Explore  the  virtual  at  microsoft.com/virtualization 


